Sigil

Secrets discovery and remediation tool for developers.

Find secrets. Store them safely. Never commit them again.


Install

go install github.com/tinkthemaker/sigil@latest

Requires Go 1.24+.


Commands

sigil scan [path]              # Scan directory, print findings
sigil scan [path] --json file  # Output JSON report
sigil scan [path] --md file    # Output Markdown report
sigil scan [path] --exit-code  # Exit non-zero if critical findings
sigil hook install             # Install git pre-commit hook
sigil hook uninstall           # Remove git pre-commit hook

Patterns

Sigil detects these secret types:

Pattern                               Severity
AWS Access Key ID                     Critical
AWS Secret Access Key                 Critical
GitHub PAT (classic / fine-grained)   Critical
OpenAI API Key                        Critical
Private Key                           Critical
Generic API Key                       High
Generic Secret / Password             High
Bearer Token                          High
Slack Token                           High

Pre-commit Hook

Block commits with critical secrets:

sigil hook install

The hook scans staged files and exits non-zero if any Critical severity findings are found.
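
The severity gate described above, as an added Go sketch that is not Sigil's own code: High findings are reported but only Critical ones produce a non-zero exit. The two regexes and the names Finding, Scan and ExitCode are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"os"
	"regexp"
	"strings"
)

type Finding struct {
	Rule, Severity string
	Line           int // 1-based line number of the match
}

// Illustrative rules only; these regexes are assumptions, not Sigil's patterns.
var rules = []struct {
	name, severity string
	re             *regexp.Regexp
}{
	{"AWS Access Key ID", "Critical", regexp.MustCompile(`\b(AKIA|ASIA)[0-9A-Z]{16}\b`)},
	{"Bearer Token", "High", regexp.MustCompile(`(?i)\bbearer\s+[A-Za-z0-9._~+/-]{20,}`)},
}

// Scan checks every line against every rule and records each match.
func Scan(text string) []Finding {
	var out []Finding
	for i, line := range strings.Split(text, "\n") {
		for _, r := range rules {
			if r.re.MatchString(line) {
				out = append(out, Finding{r.name, r.severity, i + 1})
			}
		}
	}
	return out
}

// ExitCode applies the gate: a commit is blocked only by Critical findings.
func ExitCode(fs []Finding) int {
	for _, f := range fs {
		if f.Severity == "Critical" {
			return 1
		}
	}
	return 0
}

func main() {
	// Constructed input; the key is the placeholder value from AWS documentation.
	fs := Scan("region = us-east-1\naws_key = AKIAIOSFODNN7EXAMPLE\n")
	fmt.Printf("%+v\n", fs)
	os.Exit(ExitCode(fs))
}
```

A gate built this way lets High findings such as bearer tokens through the hook, so they still need to be caught by reviewing the scan report.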


Locket Integration

Sigil can remediate findings by storing them in locket:

echo "SECRET" | locket add aws_prod_key --stdin

License

MIT
