Secrets Checker FAQs

Question 1

What is Secrets Checker and what does it do?

Accepted Answer

Secrets Checker is a .NET-first tool designed to find hardcoded secrets, such as connection strings, cloud credentials, and API tokens, within your .NET source code and comprehensive git history. It's built to report only the locations of these secrets.

Question 2

How does Secrets Checker ensure raw secret values are not exposed?

Accepted Answer

A core architectural principle of Secrets Checker is to prevent the exposure of raw secret values. It outputs only the location of detected secrets, never their actual content, significantly reducing the risk of a second exposure.

Question 3

What types of secrets can Secrets Checker detect?

Accepted Answer

The tool can detect a broad array of secrets, including SQL Server, MongoDB, PostgreSQL connection strings, AWS/Azure cloud credentials, GitHub/GitLab PATs, Stripe keys, Slack tokens, and generic API/password fields, utilizing .NET-first, AST-aware patterns.

Question 4

What deployment options are available for Secrets Checker?

Accepted Answer

Secrets Checker offers versatile deployment: as a local CLI tool, a NuGet library for integration into CI/CD pipelines, and an MCP server specifically for use with Claude Code, providing flexibility for various development workflows.

Question 5

Does Secrets Checker collect any telemetry or user data?

Accepted Answer

No. Secrets Checker is designed with privacy in mind. It sends no telemetry, analytics, usage data, findings, or file paths, performs no version checks, and executes zero network operations. It truly does not 'phone home'.

Secrets Checker

Secrets Checker

Key Features

Use Cases

Key Features

Use Cases