/secrets | scrub | ClaudePluginHub

Back to Commands

Slash Command

Community

/secrets

0

Description

Scan for and remove API keys, tokens, passwords, and other secrets from code

AI Summary

Scans code for hardcoded secrets and optionally redacts them with placeholders.

Install

1

Add the repository(one-time)

$

/plugin marketplace add iamfiscus/claude-code-scrub

2

Install the plugin

$

/plugin install iamfiscus-scrub@iamfiscus/claude-code-scrub

Argument

[--fix] [--verbose] [path]

Allowed Tools

BashReadGlob

Command Content

Scrub Secrets

Detect and optionally remove hardcoded secrets from source code.

Usage

Execute the secrets scanning script:

bash "$CLAUDE_PLUGIN_ROOT/scripts/scrub-secrets.sh" [--fix] [--verbose] <path>

Options

--fix: Replace found secrets with [REDACTED_TYPE] placeholders
--verbose or -v: Show the actual line content containing secrets
path: File or directory to scan (defaults to current directory)

Detected Patterns

AWS Access Keys and Secret Keys
GitHub Tokens (PAT, OAuth, App)
GitLab Tokens
Slack Tokens and Webhooks
Google API Keys
Stripe Keys (live and test)
JWT Tokens
Private Keys (RSA, EC, DSA, OpenSSH)
Generic API keys, secrets, passwords, tokens

Examples

/scrub:secrets - Scan current directory
/scrub:secrets ./src - Scan specific folder
/scrub:secrets --verbose ./config.js - Show secret locations with content
/scrub:secrets --fix ./ - Find and redact all secrets

Exit Codes

0: No secrets found
1: Secrets found (or fixed)

Excluded Paths

Automatically skips: .git/, node_modules/, __pycache__/, venv/, dist/, build/, .next/, lock files

Links

GitHub Stats

0 forks

Updated 5 days ago