Overview

Beta program

Please note that Has My Secret Leaked features are currently in beta.

Has My Secret Leaked is a new product developed by GitGuardian to discover potential public leaks of your secrets. Has My Secret Leaked currently monitors Github public repositories (Commits, Gists and Issues).

If you want to deep dive into the protocol, read our blog post.

Usage

ggshield hmsl proposes two methods to check your secrets:

• you can either use 3 separate commands to understand what happens under the hood
• or you can use ggshield hmsl check that does everything at once

Check your configuration

Before anything else, you can make sure you are able to reach the service (and see if you are authenticated) by running ggshield hmsl api-status. You can also use ggshield hmsl quota to see how many credits you have left.

Learn more about ggshield hmsl configuration

What happens under the hood

ggshield uses 3 steps to check your secrets. By running each of these steps separately you'll learn how Has My Secret Leaked is able to check your secrets without any knowledge of them.

1. ggshield fingerprints your secrets
2. ggshield queries HMSL service using prefixes or full hashes
3. ggshield decrypts the returned payload

Was this page helpful?