Secrets
Schema-driven detector documentation.
SECRETS · active · P0 · 6 params · 8 examples
Detector Metadata
Capability catalog entry from all_detectors.json.
Categories
SECURITY, COMPLIANCE
Supported Asset Types
TXT, TABLE, URL
Recommended Model
detect-secrets
Notes
Detects confidential credentials like API keys, tokens, or passwords that could lead to security breaches.
Parameters
Configuration parameters for the Secrets detector. Shared from `SecretsDetectorConfig`.
| Parameter | Type | Required | Description | Default | Constraints |
|---|---|---|---|---|---|
| enabled_patterns | array \| null | No | Subset of detect-secrets plugins to enable. When null all supported plugins are active. | null | — |
| entropy_limit_base64 | number \| null | No | Entropy threshold for Base64HighEntropyString (0-8). Defaults to detect-secrets built-in of 4.5 when null. Lower values catch more secrets but increase false positives. | null | — |
| entropy_limit_hex | number \| null | No | Entropy threshold for HexHighEntropyString (0-8). Defaults to detect-secrets built-in of 3.0 when null. Lower values catch more secrets but increase false positives. | null | — |
| confidence_threshold | number | No | Minimum confidence score to report a finding (0-1) | 0.7 | min 0, max 1 |
| max_findings | integer \| null | No | Maximum number of findings to return per asset | null | — |
| severity_threshold | enum \| null | No | Minimum severity level to include in results. Findings below this threshold are suppressed. | null | — |
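
The trade-off described for `entropy_limit_base64` and `entropy_limit_hex` can be seen by scoring a few strings with Shannon entropy and varying the limits. This is an added sketch, not the detector's or detect-secrets' own code; the tokenizer, the 16-character floor, the `scan` helper and the sample values are assumptions made for illustration.

```python
import math
import re
from collections import Counter

# Candidate tokens: runs of 16+ characters from the base64/URL-safe alphabet.
# The length floor and this tokenizer are assumptions of the sketch.
TOKEN_RE = re.compile(r"[A-Za-z0-9+/=_-]{16,}")
HEX_RE = re.compile(r"[0-9a-fA-F]+")


def shannon_entropy(token: str) -> float:
    """Shannon entropy of the token, in bits per character."""
    n = len(token)
    return -sum(c / n * math.log2(c / n) for c in Counter(token).values())


def scan(text, entropy_limit_base64=None, entropy_limit_hex=None):
    """Return (kind, token, entropy) for every token scoring above its limit."""
    # null falls back to the documented built-in defaults (4.5 and 3.0).
    b64_limit = 4.5 if entropy_limit_base64 is None else entropy_limit_base64
    hex_limit = 3.0 if entropy_limit_hex is None else entropy_limit_hex
    findings = []
    for token in TOKEN_RE.findall(text):
        # Tokens made only of hex digits are judged against the hex limit.
        is_hex = HEX_RE.fullmatch(token) is not None
        kind, limit = ("hex", hex_limit) if is_hex else ("base64", b64_limit)
        entropy = shannon_entropy(token)
        if entropy > limit:
            findings.append((kind, token, round(entropy, 2)))
    return findings


# Constructed sample input; none of these values are real credentials.
SAMPLE = '''
api_token = "q7Zx2LmP9vKd4RtY8sWc1HbN6uJe3GfA"
session = "3a7f91c04e8b2d65"
build_id = "deadbeefdeadbeef"
module_name = "configuration_loader_v2"
'''

if __name__ == "__main__":
    # Defaults flag only the two random-looking values.
    print("defaults:", scan(SAMPLE))
    # Lowered limits also flag the repetitive build id and the identifier.
    print("lowered: ", scan(SAMPLE, entropy_limit_base64=3.5, entropy_limit_hex=2.0))
```

With the defaults only the two random-looking values are reported; lowering the limits adds `deadbeefdeadbeef` and `configuration_loader_v2`, which is the false-positive cost the parameter descriptions warn about.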