
Secret Scanning

One should not have secrets lying around in their codebase, but sometimes it happens. To help you avoid this, we have a secret scanning feature that will scan your codebase for secrets and warn you if any are found.

By default, the set of secret patterns is almost empty; it is defined at https://github.com/microsoft/genaiscript/tree/main/packages/core/src/config.json.

You can find examples of patterns at https://github.com/mazen160/secrets-patterns-db/.

By default, all messages sent to LLMs are scanned and redacted if they contain secrets.

You can disable secret scanning altogether by setting the secretScanning option to false in your script.

script({
    secretScanning: false,
})

If you have a specific pattern that you want to scan for, you can configure it in your configuration file.

genaiscript.config.json
{
    "secretPatterns": {
        ...,
        "my secret pattern": "my-secret-pattern-regex"
    }
}
  • Do not use ^ or $ in your regex pattern.

Set the pattern key to null or false to disable it.

genaiscript.config.json
{
    "secretPatterns": {
        "OpenAI API Key": null
    }
}

You can test your patterns against files using the CLI.

genaiscript parse secrets *
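
To preview how a secretPatterns map behaves before relying on it, the following added sketch (not GenAIScript's own code) applies a map of the same shape to a constructed prompt, skipping keys set to null or false and showing that a pattern anchored with ^ and $ misses a secret embedded in a longer message. The token format, the pattern names and the `<secret/>` placeholder are assumptions made for the example.

```javascript
// Added illustration, not GenAIScript's implementation.
// Map shape follows the page: name -> regex source, null/false disables a pattern.
const REDACTED = "<secret/>"; // assumed placeholder, not taken from the tool

// Return every non-empty match of every enabled pattern, ordered by position.
function scanSecrets(text, secretPatterns) {
  const hits = [];
  for (const [name, source] of Object.entries(secretPatterns)) {
    if (!source) continue; // null or false: pattern is disabled
    for (const m of text.matchAll(new RegExp(source, "g"))) {
      if (m[0].length === 0) continue; // ignore empty matches
      hits.push({ name, start: m.index, end: m.index + m[0].length });
    }
  }
  return hits.sort((a, b) => a.start - b.start);
}

// Replace each hit with the placeholder; overlapping hits are redacted once.
function redact(text, hits) {
  let out = "";
  let pos = 0;
  for (const h of hits) {
    if (h.start < pos) continue;
    out += text.slice(pos, h.start) + REDACTED;
    pos = h.end;
  }
  return out + text.slice(pos);
}

// Constructed sample prompt with constructed token formats.
const prompt = [
  "Deploy with token ex_tok_A1b2C3d4E5f6G7h8 then restart.",
  "legacy key: LEGACY-0000-1111",
].join("\n");

const patterns = {
  "Example Token": "ex_tok_[A-Za-z0-9]{16}",
  // Anchored variant: only matches when the whole text is the token.
  "Anchored Token": "^ex_tok_[A-Za-z0-9]{16}$",
  "Legacy Key": null, // disabled, so the legacy key is left in place
};

const hits = scanSecrets(prompt, patterns);
console.log(hits.map((h) => h.name)); // names of the patterns that matched
console.log(redact(prompt, hits));
```
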