Skip to main content


Welcome to the documentation of the secrets detection engine developed by GitGuardian.

The purpose of this documentation is to provide you with an in-depth technical presentation of our secrets detection algorithms. Here is an overview of the different topics covered.

Secrets detection engine#

The first section you need to dig into. You will discover the overall architecture of our secrets detection engine, its philosophy and the main features of our detection algorithms.

PreValidators and PostValidators#

GitGuardian runs validation checks before and after our detection algorithms to ensure the highest precision.

Encrypted secrets#

This section explains how we recognize encrypted secrets.

Frequently Asked Questions#

This section provides answers to the most common asked questions, such as the sensitivity of cryptographic keys or public key certificates.


The glossary of all terms used in GitGuardian's secrets detection engine.

Remediate a leak on public GitHub#

This section provides a step-by-step guide on how to remediate a leak that occurred on public GitHub. We highly recommend reading this section to be prepared in the event of an accidental credentials leak.


This documentation describes all the supported detectors and their algorithms configured in YAML files. GitGuardian makes a distinction between specific secrets, such as API keys of known providers (eg: AWS keys), and generic secrets (eg: passwords).