Shush is a simple program for redacting secrets from a provided block of text.
Example:
shush ./example.txt
{
token: "[[REDACTED]]"
}
Shush also supports reading from STDIN and writes to STDOUT.
shush < ./example.txt
{
token: "[[REDACTED]]"
}
## Or
cat example.txt | shush
{
token: "[[REDACTED]]"
}
Shush is built ontop of Gitleak's detection engine so it supports all the same secrets and keys that gitleaks does. However, we also support generic passwords and generic secrets using regex matches. If you'd like to disable these, you can do so with a flag: --showSecrets=true
or --showPasswords=true
, however, the Gitleaks matches will stay on.
shush < hosts.yml
local:
host: localhost
database: app_db
user: [[REDACTED]]
password: [[REDACTED]]
port: 5432
docker:
host: localhost
database: app_db
user: [[REDACTED]]
password: [[REDACTED]]
port: 5432
## With Flags
shush --showPasswords=true < hosts.yml
local:
host: localhost
database: app_db
user: dev
password: dev
port: 5432
docker:
host: localhost
database: app_db
user: dev
password: dev
port: 5432
Download a release from the releases tab and add that to your path.
Alternatively, if you're using Go:
go install github.com/bradcypert/shush@latest