Too many secrets (2MS) is an open source project dedicated to helping people keep sensitive information, such as passwords and API keys, from appearing in public websites and communication services.
During the software development lifecycle (SDLC), developers often communicate and exchange secret data in various ways. While there are tools available for detecting secrets in source code and Git repositories, there are few options for identifying secrets in plain text documents, emails, chat logs, content management systems and more. Some of these are public, or have a mixture of private and public areas, meaning it's easy to make an honest mistake and publish secret data to the world wide web.
2ms is built on top of a secret detection engine (currently gitleaks) and includes various plugins to interact with popular platforms. This means anyone can contribute to, improve and extend 2ms quite easily. We believe that by working together, we can create a more secure digital world. You're welcome to join our community.
- Confluence
- Discord
- Slack
- Git
- Paligo
- Local directory / files
curl -LO https://github.com/Checkmarx/2ms/releases/latest/download/2ms && chmod +x 2ms
./2ms
docker run -v path/to/my/repo:/repo checkmarx/2ms git /repo
(For the git command, you have to mount your git repository to /repo inside the container.)
2ms Secrets Detection: A tool to detect secrets in public websites and communication services.

Usage:
  2ms [command]

Commands
  confluence  Scan Confluence server
  discord     Scan Discord server
  filesystem  Scan local folder
  git         Scan local Git repository
  paligo      Scan Paligo instance
  slack       Scan Slack team

Additional Commands:
  completion  Generate the autocompletion script for the specified shell
  help        Help about any command
  rules       List all rules

Flags:
      --config string          config file path
      --exclude-rule strings   exclude rules by name or tag to apply to the scan (removes from list, starts from all)
  -h, --help                   help for 2ms
      --include-rule strings   include rules by name or tag to apply to the scan (adds to list, starts from empty)
      --log-level string       log level (trace, debug, info, warn, error, fatal) (default "info")
      --regex stringArray      custom regexes to apply to the scan, must be valid Go regex
      --report-path strings    path to generate report files. The output format will be determined by the file extension (.json, .yaml, .sarif)
      --stdout-format string   stdout output format, available formats are: json, yaml, sarif (default "yaml")
  -v, --version                version for 2ms

Use "2ms [command] --help" for more information about a command.
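The --regex flag only accepts valid Go regex, so patterns written for PCRE (lookaheads, backreferences) need checking first. The following is an added example, not part of the 2ms code base: a small Go program that vets candidate patterns with Go's regexp package before they are passed to --regex. The ACME_ token format and all sample strings are constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
)

// RegexCheck is the outcome of vetting one candidate --regex value.
type RegexCheck struct {
	Err      string   // compile error under Go (RE2) syntax, empty if valid
	Missed   []string // sample secrets the pattern failed to match
	FalsePos []string // benign strings the pattern matched anyway
}

// VetRegex compiles pattern as a Go regex and runs it over both sample sets.
func VetRegex(pattern string, secrets, benign []string) RegexCheck {
	var res RegexCheck
	re, err := regexp.Compile(pattern)
	if err != nil {
		res.Err = err.Error()
		return res
	}
	for _, s := range secrets {
		if !re.MatchString(s) {
			res.Missed = append(res.Missed, s)
		}
	}
	for _, b := range benign {
		if re.MatchString(b) {
			res.FalsePos = append(res.FalsePos, b)
		}
	}
	return res
}

func main() {
	// Constructed samples; "ACME_" is a made-up internal token prefix.
	secrets := []string{"token=ACME_9f8e7d6c5b4a39281706f5e4d3c2b1a0"}
	benign := []string{"see ACME_README for setup", "ACME_short"}
	patterns := []string{
		`ACME_(?!README)[0-9a-f]{32}`, // PCRE lookahead: not valid Go regex
		`ACME_\w+`,                    // compiles, but matches benign text
		`\bACME_[0-9a-f]{32}\b`,       // compiles and is specific
	}
	for _, p := range patterns {
		fmt.Printf("%q %+v\n", p, VetRegex(p, secrets, benign))
	}
}
```

A pattern is ready for --regex when Err is empty and both Missed and FalsePos are empty for your own samples.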
Made by Checkmarx with ❤️