PHPackages                             captainhook/secrets - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. captainhook/secrets

ActiveLibrary[Security](/categories/security)

captainhook/secrets
===================

Utility classes to detect secrets

0.9.7(1y ago)103.6M—2.2%11MITPHPPHP &gt;=8.0CI passing

Since Nov 28Pushed 1y ago1 watchersCompare

[ Source](https://github.com/captainhook-git/secrets)[ Packagist](https://packagist.org/packages/captainhook/secrets)[ GitHub Sponsors](https://github.com/sponsors/sebastianfeldmann)[ RSS](/packages/captainhook-secrets/feed)WikiDiscussions main Synced 1mo ago

READMEChangelog (6)DependenciesVersions (8)Used By (1)

CaptainHook Secrets
===================

[](#captainhook-secrets)

[![Latest Stable Version](https://camo.githubusercontent.com/61b3403108bc53c9f078d9bcb1d892ed61cb5bf7602c5f53909d79a291237acc/68747470733a2f2f706f7365722e707567782e6f72672f6361707461696e686f6f6b2f736563726574732f762f737461626c652e7376673f763d31)](https://packagist.org/packages/captainhook/secrets)[![Minimum PHP Version](https://camo.githubusercontent.com/905c670b6e3bc20026bddbc8923df4d38111e526b88f1252ac4ceb6643299d96/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f7068702d253345253344253230382e302d3838393242462e737667)](https://php.net/)[![Downloads](https://camo.githubusercontent.com/e39f8b44685e4de8d9f0be0e0e7af5a5d4b4cb87a261fc7f10107612d4f474ec/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f6361707461696e686f6f6b2f736563726574732e7376673f7631)](https://packagist.org/packages/captainhook/captainhook)[![License](https://camo.githubusercontent.com/0340a6a54a118712bcda214142cbb78741d11dea6f7c2676c9afff53572758a7/68747470733a2f2f706f7365722e707567782e6f72672f6361707461696e686f6f6b2f736563726574732f6c6963656e73652e7376673f763d31)](https://packagist.org/packages/captainhook/secrets)[![Build Status](https://github.com/captainhook-git/secrets/workflows/continuous-integration/badge.svg)](https://github.com/captainhook-git/secrets/actions)[![Twitter](https://camo.githubusercontent.com/0679fa647fa5d15d52ab91659e3787415b11bd83b710b50388067935f6bd7da4/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f547769747465722d2534306361707461696e686f6f6b7068702d626c75652e737667)](https://twitter.com/intent/user?screen_name=captainhookphp)

This package is used to detect passwords in your code. Mainly to prevent you from committing them to your version control.

You can use the regular expressions provided by the classes under `Regex\Supplier` or make use of the included `Detector` class. You can easily create your own `Supplier` classes or open a pull-request if you think it would be useful to others.

Here are some usage examples:

Using `Suppliers`

```
$result = Detector::create()
         ->useSuppliers(
            Aws::class,
            Google::class,
            GitHub::class
        )->detectIn($myString)

if ($result->wasSecretDetected()) {
    echo "secret detected: " . implode(' ', $result->matches());
}
```

Using your custom regex

```
$result = Detector::create()
        ->useRegex('#password = "\\S"#i')
        ->detectIn($myString)

if ($result->wasSecretDetected()) {
    echo "secret detected: " . implode(' ', $result->matches());
}
```

The `Detector` also supports a white list

```
$result = Detector::create()
        ->useRegex('#password = "\\S"#i')
        ->allow('#root#')
        ->detectIn($myString)

if ($result->wasSecretDetected()) {
    echo "secret detected: " . implode(' ', $result->matches());
}
```

###  Health Score

40

—

FairBetter than 88% of packages

Maintenance46

Moderate activity, may be stable

Popularity49

Moderate usage in the ecosystem

Community10

Small or concentrated contributor base

Maturity42

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~82 days

Recently: every ~123 days

Total

7

Last Release

406d ago

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/9250358?v=4)[Sebastian Feldmann](/maintainers/sebastianfeldmann)[@sebastianfeldmann](https://github.com/sebastianfeldmann)

---

Top Contributors

[![sebastianfeldmann](https://avatars.githubusercontent.com/u/9250358?v=4)](https://github.com/sebastianfeldmann "sebastianfeldmann (25 commits)")

---

Tags

gitgit-hookssecret-detectionsecuritytokenssecretscommit-msgprepare-commit-msgpost-mergepasswordskeys

### Embed Badge

![Health badge](/badges/captainhook-secrets/health.svg)

```
[![Health](https://phpackages.com/badges/captainhook-secrets/health.svg)](https://phpackages.com/packages/captainhook-secrets)
```

###  Alternatives

[captainhook/captainhook

PHP git hook manager

1.1k6.8M370](/packages/captainhook-captainhook)[unicodeveloper/laravel-password

Protect your users from entering dumb and common passwords

4261.4M2](/packages/unicodeveloper-laravel-password)[jeremykendall/password-validator

Password Validator validates password\_hash generated passwords, rehashes passwords as necessary, and will upgrade legacy passwords.

14469.9k3](/packages/jeremykendall-password-validator)[ionux/phactor

Phactor is a high-performance PHP implementation of the elliptic curve math functions required to generate &amp; verify private/public (asymmetric) EC keypairs and ECDSA signatures based on secp256k1 curve parameters. This library also includes a class to generate Service Identification Numbers (SINs) based on the published Identity Protocol v1 spec.

5275.0k30](/packages/ionux-phactor)[mxrxdxn/pwned-passwords

A library to query Troy Hunt's Pwned Passwords service to see whether or not a password has been included in a public breach.

3270.9k2](/packages/mxrxdxn-pwned-passwords)[defuse/php-passgen

PHP Random Password Generator Library

4017.7k](/packages/defuse-php-passgen)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)