GitGuardian has developed a secret-fingerprinting protocol to assist developers in identifying if their secrets have been leaked in public GitHub repositories [1] [3] [4].


The protocol involves encrypting and hashing the secret [1] [2] [3] [5], with only a partial hash shared with GitGuardian to limit potential matches [1] [4] [5]. This ensures user control and adds an extra layer of security as the encryption and hashing toolkit is placed on the client-side. GitGuardian offers two tools, HasMySecretLeaked web interface and ggshield CLI [1] [3] [4], which allow users to check if their secrets have been leaked without revealing the actual secrets. Users can generate the hash locally using a Python script and input the output into the HasMySecretLeaked web interface without disclosing the secret itself [2]. Within the first few weeks of its launch [2], over 9,000 secrets have been checked [1] [3], highlighting the demand for such a tool in the development community [2]. The web interface allows users to check up to five secrets per day for free, with additional options available through the CLI. Throughout the process, GitGuardian prioritizes transparency and customer control [1] [3] [4]. The protocol is documented in ggshield’s documentation for the hsml command [4].


The secret-fingerprinting protocol developed by GitGuardian has had a significant impact on the development community, with thousands of secrets already checked. This tool addresses the need for enhanced security in public GitHub repositories and provides developers with a reliable method to protect their sensitive information. As the protocol continues to evolve, it is expected to have a lasting impact on the industry, ensuring the confidentiality of secrets and promoting secure development practices.