Active | Library | [DevOps & Deployment](/categories/devops)

selfphp/secrets-detector
========================

Detect secrets like API keys, tokens or passwords in PHP projects (e.g. in .env, config, or PHP source). Ideal for CI/CD and pre-commit hooks.

1.0.0 (11mo ago) | 18 | MIT | PHP | PHP ^8.1

Since Jun 8 | Pushed 11mo ago

[Source](https://github.com/selfphp/secrets-detector) | [Packagist](https://packagist.org/packages/selfphp/secrets-detector)

🔐 secrets-detector
==================

Detect hardcoded secrets like API keys, tokens or passwords in PHP projects – ideal for CI/CD pipelines, pre-commit hooks, or manual audits.

🚀 Features
----------

- 🔍 Scans `.env`, `.ini`, PHP source and config files for secrets
- 📦 Composer integration (autoload & CLI)
- 🧠 Framework-aware: supports Symfony (`APP_SECRET`), Laravel (`JWT_SECRET`), and others
- ⚙️ Configurable scan paths via `.secrets-detector.json`
- 📄 Output formats: JSON, Markdown
- ✅ CI/CD-ready with exit codes for automated fail conditions

📦 Installation
--------------

### As a dev dependency:

```
composer require --dev selfphp/secrets-detector
```

### Or install globally:

```
composer global require selfphp/secrets-detector
```

🔧 Usage
-------

```
php bin/secrets-detector secrets:scan
```

### Options

| Option | Description |
| --- | --- |
| `--json=report.json` | Export results to JSON |
| `--markdown=report.md` | Export results to Markdown |
| `--fail-on-detect` | Exit with non-zero code on finding secrets |

### Example

```
php bin/secrets-detector secrets:scan --json=report.json --markdown=report.md --fail-on-detect
```

🛠 Configuration
---------------

You can define custom include/exclude paths using a `.secrets-detector.json` file in your project root:

```
{
  "include": ["src", "config", ".env"],
  "exclude": ["vendor", "tests"]
}
```

🧪 Testing
---------

Run all unit tests:

```
vendor/bin/phpunit --display-deprecations
```

✅ CI Integration
----------------

See ready-made CI examples in [docs/ci](docs/ci):

- `github-actions.yml`
- `gitlab-ci.yml`
- `bitbucket-pipelines.yml`

Each file shows how to run the CLI and fail builds if secrets are detected.

🧠 Patterns Detected
-------------------

- Stripe secrets: `sk_live_`, `sk_test_`
- Bearer tokens: `Authorization: Bearer ...`
- AWS credentials: `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`
- Database logins: `DB_PASSWORD`, `DB_USERNAME`
- JWT and app secrets: `JWT_SECRET`, `APP_SECRET`
- Google API keys: `AIza...`
- Private keys: `-----BEGIN PRIVATE KEY-----`

(See [PatternRegistry](src/Pattern/PatternRegistry.php) for all patterns.)
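
How rules like those listed above behave on a config file, as an added example that is not the project's code: a minimal line scanner that reports a redacted excerpt and exits non-zero on any finding. The names `RULES`, `scanText` and `redact` are hypothetical, the regexes are approximations rather than the contents of `PatternRegistry`, and the sample input is constructed.

```php
<?php
declare(strict_types=1);

// Illustrative rules modelled on the README's pattern list. The regexes are
// assumptions for this example, not the contents of the project's PatternRegistry.
const RULES = [
    'stripe_key'     => '/\bsk_(?:live|test)_[0-9A-Za-z]{16,}/',
    'bearer_token'   => '/Authorization:\s*Bearer\s+[A-Za-z0-9._~+\/=-]{16,}/i',
    'google_api_key' => '/\bAIza[0-9A-Za-z_-]{35}/',
    'private_key'    => '/-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----/',
    // Key-name rule: fires only when a non-empty value is assigned.
    'named_secret'   => '/\b(?:AWS_ACCESS_KEY_ID|AWS_SECRET_ACCESS_KEY|DB_PASSWORD|DB_USERNAME|JWT_SECRET|APP_SECRET)\s*=\s*["\']?[^\s"\'#]+/',
];

// Keep only the first 8 characters so the report does not become a second copy of the secret.
function redact(string $match): string
{
    return substr($match, 0, 8) . str_repeat('*', max(0, strlen($match) - 8));
}

/** @return list<array{line:int, rule:string, excerpt:string}> */
function scanText(string $text): array
{
    $findings = [];
    foreach (preg_split('/\R/', $text) as $i => $line) {
        foreach (RULES as $rule => $regex) {
            if (preg_match($regex, $line, $m) === 1) {
                $findings[] = ['line' => $i + 1, 'rule' => $rule, 'excerpt' => redact($m[0])];
            }
        }
    }
    return $findings;
}

// Constructed sample input; every value is fake.
$sample = <<<'ENV'
APP_ENV=prod
DB_PASSWORD=
DB_USERNAME=app
STRIPE_KEY=sk_test_EXAMPLEexample0000000
JWT_SECRET="constructed-example-value"
ENV;

$findings = scanText($sample);
foreach ($findings as $f) {
    printf("line %d  %-12s %s\n", $f['line'], $f['rule'], $f['excerpt']);
}
// Non-zero exit on any finding, the behaviour the README describes for --fail-on-detect.
exit($findings === [] ? 0 : 1);
```

The empty `DB_PASSWORD=` line is not reported in this sketch, while `DB_USERNAME=app` is: key-name rules match on the variable name, so expect findings that need triage rather than only confirmed credentials.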

📜 License
---------

MIT

👤 Author
--------

**SELFPHP - Damir Enseleit**

[@SELFPHP](https://phpc.social/@SELFPHP)

### Health Score

30 (Low): better than 64% of packages

- Maintenance: 51. Moderate activity, may be stable
- Popularity: 8. Limited adoption so far
- Community: 8. Small or concentrated contributor base
- Maturity: 45. Maturing project, gaining track record
- Bus Factor: 1. Top contributor holds 50% of commits, a single point of failure

### Release Activity

- Cadence: Unknown
- Total: 1
- Last Release: 344d ago

### Community

- Maintainers: [SELFPHP](/maintainers/SELFPHP)
- Top Contributors: [DamirEnseleit](https://github.com/DamirEnseleit) (1 commit), [selfphp](https://github.com/selfphp) (1 commit)

Tags: php, composer, security, token, Audit, ci, secrets, api-key, pre-commit

### Code Quality

Tests: PHPUnit
