SecretSentry

SecretSentry is a web app with a lightweight CLI that prevents API keys, tokens, and certificates from slipping into Git repos, CI logs, container images, and IaC templates. It scans pull requests and pipeline output in real time, blocks merges on verified secret findings, and auto-opens a remediation PR that replaces the secret with a reference to your vault. It also detects “secret sprawl” by correlating the same credential across repos and build systems, then guides rotation with checklists and owner routing. The product focuses on being practical: low false positives, fast scans, and clear proof (where the secret appeared, who introduced it, and where it propagated). Integrations target the common DevSecOps path: GitHub/GitLab, popular CI providers, and major secret managers. It combines traditional and AI approaches: deterministic detectors for accuracy plus AI to propose safe fixes and rotation steps.