Welcome to the documentation of the secrets detection engine developed by GitGuardian.

The purpose of this documentation is to provide you with an in-depth technical presentation of our secrets detection algorithms. Here is an overview of the different topics covered.

Secrets detection engine

The first section you need to dig into. You will discover the overall architecture of our secrets detection engine, its philosophy and the main features of our detection algorithms.

PreValidators and PostValidators

Around the detection algorithms, GitGuardian applies pre- and post-processing to ensure the highest precision.

Frequently Asked Questions

This section provides answers to the most common questions asked, such as the sensitivity of cryptographic keys or public key certificates.


The glossary of all the terms used in GitGuardian's secrets detection engine.

Remediate a leak on public GitHub

This section provides a step-by-step guide on how to remediate a leak that occurred on public GitHub. We highly recommend reading this section to be prepared in the event of an accidental credentials leak.


This documentation presents all the supported detectors and their algorithms, which are configured in yml files. GitGuardian makes a distinction between specific secrets, such as API keys of known providers (e.g. AWS keys), and generic secrets (e.g. passwords).