Overview
The Secrets scanner detects and redacts API keys, tokens, credentials, and other sensitive secrets embedded in prompts using the detect-secrets library with 80+ custom plugins.
Description
Secrets is an input scanner that leverages the detect-secrets library to identify a wide range of secret types, including API keys, access tokens, private keys, database connection strings, and other credentials. When a secret is detected, the scanner redacts it using one of three configurable modes: partial (masks most of the value but keeps a few leading and trailing characters so an operator can tell which key was hit), all (replaces the entire value with a fixed placeholder), or hash (replaces the value with a fixed-length hash digest of it). Internally the scanner writes the prompt to a temporary file for detect-secrets to analyse, then uses presidio_anonymizer to apply the redactions consistently. It ships with over 80 secret detection plugins, which gives it broad coverage of vendor-specific token formats.

Two caveats follow from the modes. Partial mode still leaks the retained characters, which is usually acceptable for a key prefix but not for short secrets. Hash mode is deterministic: the same secret always maps to the same token, which is useful for correlating a leaked credential across prompts, but it is not a privacy boundary, because anyone holding a candidate value can hash it and confirm a match, and low-entropy secrets such as passwords can be recovered by brute force. Because the prompt is written to disk during scanning, also confirm that the temporary directory the process uses meets your requirements for sensitive data.
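The detection-and-redaction step described above, as an added example that is not llm-guard's code: a stdlib-only stand-in in which four constructed regexes take the place of the detect-secrets plugins, and redact_value and scan follow the (prompt, is_valid, risk_score) contract documented on this page. The partial-mask width, the choice of SHA-256, and the 1.0 risk score on a hit are assumptions. recover_from_hash is added to show why hash mode is a correlation token rather than a privacy boundary.

```python
"""Stand-in for the Secrets scanner's detection and redaction step (added example).

Not llm-guard code: the detector is four constructed regexes in place of
detect-secrets' 80+ plugins, and the exact partial-mask width, hash function
and risk score are assumptions. The (prompt, is_valid, risk_score) contract
matches the page.
"""
import hashlib
import re
from typing import Optional

REDACT_PARTIAL = "partial"
REDACT_ALL = "all"
REDACT_HASH = "hash"

# Constructed token shapes standing in for detect-secrets plugins (assumption).
_PATTERNS = {
    "openai_api_key": re.compile(r"\bsk-[A-Za-z0-9]{20,}\b"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "jwt": re.compile(r"eyJ[A-Za-z0-9_-]{5,}\.[A-Za-z0-9_-]{5,}\.[A-Za-z0-9_-]{5,}"),
}


def redact_value(value: str, mode: str) -> str:
    """Apply one of the three documented redaction strategies to a matched secret."""
    if mode == REDACT_PARTIAL:
        # Keep two characters at each end (assumed width) so an operator can still
        # tell which key was hit. Very short values get masked entirely.
        if len(value) <= 4:
            return "*" * len(value)
        return value[:2] + "*" * (len(value) - 4) + value[-2:]
    if mode == REDACT_ALL:
        return "******"
    if mode == REDACT_HASH:
        # Deterministic: equal secrets give equal tokens, which makes them
        # correlatable across prompts and brute-forceable when low-entropy.
        return hashlib.sha256(value.encode()).hexdigest()  # hash choice is an assumption
    raise ValueError(f"unknown redact mode: {mode!r}")


def scan(prompt: str, redact_mode: str = REDACT_ALL) -> tuple[str, bool, float]:
    """Return (sanitized_prompt, is_valid, risk_score) like the scanner's scan()."""
    hits = sorted(
        ((m.start(), m.end()) for pattern in _PATTERNS.values() for m in pattern.finditer(prompt)),
        key=lambda span: (span[0], -span[1]),  # earliest first, longest first on ties
    )
    if not hits:
        return prompt, True, 0.0

    out, cursor = [], 0
    for start, end in hits:
        if start < cursor:  # overlaps a span already redacted by an earlier match
            continue
        out.append(prompt[cursor:start])
        out.append(redact_value(prompt[start:end], redact_mode))
        cursor = end
    out.append(prompt[cursor:])
    # Assumption: any hit is scored as maximal risk; llm-guard's own scoring may differ.
    return "".join(out), False, 1.0


def recover_from_hash(hashed_token: str, candidates: list[str]) -> Optional[str]:
    """Why hash mode is not a privacy boundary: a guessable secret is recovered offline."""
    for candidate in candidates:
        if redact_value(candidate, REDACT_HASH) == hashed_token:
            return candidate
    return None


if __name__ == "__main__":
    # Constructed sample; the key is not a real credential.
    sample = "My API key is sk-abc123def456ghi789jkl012mno345pqr678stu901"
    for mode in (REDACT_PARTIAL, REDACT_ALL, REDACT_HASH):
        print(mode, scan(sample, mode))
    token = redact_value("hunter2", REDACT_HASH)
    print("recovered:", recover_from_hash(token, ["password", "hunter2"]))
```

The overlap handling matters in practice: a connection string can contain an access key that also matches a narrower plugin, and replacing spans right-to-left or skipping spans already covered keeps the offsets valid. The recover_from_hash call is the check to run before choosing hash mode for anything a human could guess.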
Usage
Use the Secrets scanner when you need to prevent credentials, API keys, tokens, or other secrets from reaching an LLM, whether the model is hosted by a third party or its inputs are logged and retained on your own side. This is critical in enterprise environments where prompts may inadvertently contain configuration values, environment variables, or code snippets with embedded secrets. The scanner returns the redacted prompt together with is_valid and a risk score, so the calling pipeline can either block the request outright or forward only the sanitized text.
Code Reference
Source Location
Signature
class Secrets(Scanner):
    def __init__(
        self,
        *,
        redact_mode: str = REDACT_ALL,  # choices: "partial", "all", "hash"
    ) -> None: ...

    def scan(self, prompt: str) -> tuple[str, bool, float]: ...

    @staticmethod
    def redact_value(value: str, mode: str) -> str: ...
Import
from llm_guard.input_scanners import Secrets
I/O Contract
Inputs
| Name | Type | Required | Description |
| --- | --- | --- | --- |
| redact_mode | str | No | Redaction strategy to apply when secrets are found. Options: "partial", "all", "hash". Defaults to "all". |
scan() Inputs
| Name | Type | Required | Description |
| --- | --- | --- | --- |
| prompt | str | Yes | The input text to scan for embedded secrets. |
Outputs
| Name | Type | Description |
| --- | --- | --- |
| prompt | str | The sanitized prompt with detected secrets redacted according to the configured redact_mode; unchanged when nothing was found. |
| is_valid | bool | True if no secrets were detected; False if secrets were found and redacted. |
| risk_score | float | A score between 0.0 and 1.0; 0.0 means no secret was found and higher values mean secrets were detected. |
Usage Examples
Basic Usage
from llm_guard.input_scanners import Secrets
scanner = Secrets()
prompt = "My API key is sk-abc123def456ghi789jkl012mno345pqr678stu901"
sanitized_prompt, is_valid, risk_score = scanner.scan(prompt)
print(sanitized_prompt) # Secret will be redacted
print(is_valid) # False (secret was detected)
print(risk_score) # Confidence score
Custom Redact Mode
from llm_guard.input_scanners import Secrets
# Use partial redaction to keep a few characters visible
scanner = Secrets(redact_mode="partial")
prompt = "Connect using password: SuperS3cretP@ss!"
sanitized_prompt, is_valid, risk_score = scanner.scan(prompt)
print(sanitized_prompt)
Hash Redaction
from llm_guard.input_scanners import Secrets
# Use hash-based redaction for a stable token: the same secret always yields
# the same output, so hits can be correlated across prompts (but also confirmed
# by anyone who can guess the value)
scanner = Secrets(redact_mode="hash")
prompt = "Bearer token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
sanitized_prompt, is_valid, risk_score = scanner.scan(prompt)
print(sanitized_prompt)
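The gating that the examples above leave to the caller (reject when is_valid is False, or forward only the sanitized prompt), as an added example that is not llm-guard's own code. guard_prompt, GuardDecision, RegexScanner and BrokenScanner are hypothetical names; the wrapper accepts any object with the scan() contract documented on this page, so llm_guard.input_scanners.Secrets can be passed in place of the two constructed stand-ins, which exist only so the file runs offline.

```python
"""Policy wrapper around a Secrets-style scanner (added example, not llm-guard code).

Anything exposing scan(prompt) -> (sanitized_prompt, is_valid, risk_score) fits,
including llm_guard.input_scanners.Secrets. The two small scanners at the bottom
are constructed stand-ins so the file runs offline.
"""
import logging
import re
from dataclasses import dataclass
from typing import Protocol

log = logging.getLogger("prompt_guard")


class SecretsScanner(Protocol):
    def scan(self, prompt: str) -> tuple[str, bool, float]: ...


@dataclass(frozen=True)
class GuardDecision:
    allowed: bool
    prompt: str        # text that may be forwarded to the model; "" when blocked
    reason: str        # "clean", "secret_detected", "secret_redacted", "scanner_error"
    risk_score: float


def guard_prompt(scanner: SecretsScanner, prompt: str, *, on_detect: str = "block") -> GuardDecision:
    """Scan, then apply policy. Fails closed: a scanner error never forwards the raw prompt.

    on_detect="block"  rejects any prompt containing a secret.
    on_detect="redact" forwards the scanner's sanitized text instead.
    """
    if on_detect not in ("block", "redact"):
        raise ValueError(f"unknown on_detect policy: {on_detect!r}")
    try:
        sanitized, is_valid, risk = scanner.scan(prompt)
    except Exception:
        # Log the failure, never the prompt: the prompt is what may hold the secret.
        log.exception("secrets scanner failed; blocking prompt (len=%d)", len(prompt))
        return GuardDecision(False, "", "scanner_error", 1.0)
    if is_valid:
        return GuardDecision(True, prompt, "clean", risk)
    # Audit with lengths and scores only; the raw prompt must not reach the logs.
    log.warning("secret detected (len=%d, risk=%.2f, policy=%s)", len(prompt), risk, on_detect)
    if on_detect == "block":
        return GuardDecision(False, "", "secret_detected", risk)
    return GuardDecision(True, sanitized, "secret_redacted", risk)


class RegexScanner:
    """Constructed stand-in for Secrets(redact_mode="all") with a single token shape."""
    _KEY = re.compile(r"\bsk-[A-Za-z0-9]{20,}\b")

    def scan(self, prompt: str) -> tuple[str, bool, float]:
        sanitized, n = self._KEY.subn("******", prompt)
        return sanitized, n == 0, (1.0 if n else 0.0)


class BrokenScanner:
    """Constructed stand-in for a scanner whose backend is unavailable."""

    def scan(self, prompt: str) -> tuple[str, bool, float]:
        raise RuntimeError("detect-secrets backend unavailable")


if __name__ == "__main__":
    leaky = "deploy with sk-abc123def456ghi789jkl012mno345pqr678stu901"  # constructed
    print(guard_prompt(RegexScanner(), leaky))
    print(guard_prompt(RegexScanner(), leaky, on_detect="redact"))
    print(guard_prompt(BrokenScanner(), leaky))
```

The fail-closed branch is the part most often missing in practice: if the scanner raises (for example because the temporary file cannot be written), the safe outcome is to drop the request, not to forward the unscanned prompt. Keeping the prompt out of the log line on every path avoids recreating the leak in your own telemetry.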
Related Pages