A powerful Git pre-commit hook and GitHub Actions workflow designed to automatically detect and prevent the commit of private keys, API keys, and other sensitive information.
-
Blockchain Private Keys
- ✅ Ethereum Private Keys (0x + 64 hex characters)
- ✅ PEM Format Private Keys (BEGIN ... PRIVATE KEY)
-
Cloud Service Keys
- ✅ AWS Access Keys (AKIA...)
- ✅ AWS Secret Keys
-
AI Service API Keys
- ✅ OpenAI API Keys (sk-..., sk-proj-...)
- ✅ Google AI (Gemini) API Keys (AIza...)
- ✅ Anthropic (Claude) API Keys (sk-ant-...)
-
Developer Tool Keys
- ✅ GitHub Personal Access Tokens (ghp_..., gho_..., ghs_...)
- ✅ Stripe API Keys (sk_live_..., sk_test_...)
-
Generic Patterns
- ✅ Private keys with actual values (private_key=0x...)
- ✅ Generic API key patterns (api_key="...")
- Local Git Hook - Instant feedback, detects issues before commit.
- GitHub Actions - Cloud-based enforcement, protects the main branch.
- ✅ Detects only actual key values.
- ✅ Allows placeholders and empty values.
- ✅ Allows keywords in documentation.
- ✅ Automatically excludes
node_modules,dist, etc. - ✅ Filters out comment lines.
Run this command in your project root:
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/jhfnetboy/LeakShield/main/scripts/install-hooks.sh)"# Clone this repository
git clone https://github.com/jhfnetboy/LeakShield.git
# Run the deployment script
./LeakShield/scripts/deploy-to-project.sh /path/to/your/project# Add as a submodule
git submodule add https://github.com/jhfnetboy/LeakShield.git .githooks
# Install hooks
.githooks/scripts/install-hooks.sh一个强大的 Git pre-commit hook 和 GitHub Actions,用于自动检测和防止提交私钥、API keys 和其他敏感信息。
-
区块链私钥
- ✅ Ethereum 私钥 (0x + 64位十六进制)
- ✅ PEM 格式私钥 (BEGIN ... PRIVATE KEY)
-
云服务密钥
- ✅ AWS Access Keys (AKIA...)
- ✅ AWS Secret Keys
-
AI 服务 API Keys
- ✅ OpenAI API Keys (sk-..., sk-proj-...)
- ✅ Google AI (Gemini) API Keys (AIza...)
- ✅ Anthropic (Claude) API Keys (sk-ant-...)
-
开发工具密钥
- ✅ GitHub Personal Access Tokens (ghp_..., gho_..., ghs_...)
- ✅ Stripe API Keys (sk_live_..., sk_test_...)
-
通用模式
- ✅ 带有实际值的私钥 (private_key=0x...)
- ✅ 通用 API key 模式 (api_key="...")
- 本地 Git Hook - 快速反馈,在提交前立即检测
- GitHub Actions - 云端强制执行,保护主分支
- ✅ 只检测实际的密钥值
- ✅ 允许占位符和空值
- ✅ 允许文档中的关键词
- ✅ 自动排除
node_modules、dist等目录 - ✅ 过滤注释行
在你的项目根目录下运行:
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/jhfnetboy/LeakShield/main/scripts/install-hooks.sh)"# Clone 这个 repository
git clone https://github.com/jhfnetboy/LeakShield.git
# 运行部署脚本
./LeakShield/scripts/deploy-to-project.sh /path/to/your/project# 添加为 submodule
git submodule add https://github.com/jhfnetboy/LeakShield.git .githooks
# 安装 hooks
.githooks/scripts/install-hooks.shMIT License - see the LICENSE file for details.
Made with ❤️ for secure coding