Secrets
What is Secret Scanning?
Also known as: Secret Detection · Credential Scanning · Korean: 시크릿 스캐닝 (secret scanning) · 시크릿 탐지 (secret detection) · 크리덴셜 스캐닝 (credential scanning) · 시크릿 검출 (secret detection)
The process of automatically searching code repositories, CI logs, container images, SaaS documents, chat transcripts, and other locations for accidentally committed credentials. Modern secret scanning goes beyond regex alone (which produces noise) to use entropy analysis, contextual parsing, and provider-specific validators that prove a leaked key is actually live before paging the owner. Cremit Argus runs this across public and private code plus SaaS surfaces.
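The definition above describes a pipeline of regex candidates, entropy scoring, context rules and provider-specific validation. The following Python example is added here to illustrate that pipeline; it is not Cremit's or Argus's code. The rule names, the 3.5 bits/char entropy threshold, the placeholder marker list and every sample line (including the AKIA-prefixed strings) are constructed for the example. The provider-specific step is an offline format check only; a real scanner would follow it with a liveness check against the provider before paging anyone.

```python
"""Minimal secret scanner: regex candidates -> placeholder/context filter -> entropy or format check."""
import math
import re
from dataclasses import dataclass

# Constructed sample input (not real credentials): a config file, a CI log and a chat
# export flattened into lines so one scan covers all of them.
SAMPLE_LINES = [
    'aws_access_key_id = "AKIAIOSFODNN7EXAMPLE"',           # documentation placeholder
    'aws_access_key_id = "AKIAQ7R2M9K4P1X6W3N8"',           # constructed, format-valid
    'api_key = "CHANGEME_CHANGEME_1"',                       # template placeholder
    'password = "aaaaaaaaaaaaaaaaaaaa"',                     # regex hit, zero entropy
    'token = "q8Z3vL1pX7nK2mW9rT4yU6hB0sD5fG"',              # constructed high-entropy value
    'token = "your_token_goes_here_please"',                 # README placeholder
    'commit 3f2a9c1e7b4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f',       # git SHA: high entropy, no secret context
    '12:00:01 INFO Authorization: Bearer p4Qz8Lm2Vx9Kd1Rt7Wn3Yb6Hs0Jf5Gc',  # header leaked into a CI log
]

# Candidate rules. Provider-specific formats get a tight pattern; the generic rule needs an
# assignment context (key/secret/token/password followed by = or :) so a bare hash is skipped.
RULES = {
    "aws_access_key_id": re.compile(r"\b((?:AKIA|ASIA)[0-9A-Z]{16})\b"),
    "bearer_token": re.compile(r"Bearer\s+([A-Za-z0-9_\-.=]{20,})"),
    "generic_assignment": re.compile(
        r"(?i)\b(?:api[_-]?key|secret|token|password)\b\s*[:=]\s*[\"']?([A-Za-z0-9_\-+/=]{16,})"
    ),
}

# Assumed marker list; tune to the placeholder conventions used in your own repos.
PLACEHOLDER_MARKERS = ("example", "changeme", "placeholder", "your_", "your-", "xxxx", "todo")
ENTROPY_THRESHOLD = 3.5  # bits per character; applied to generic matches only


@dataclass
class Finding:
    line_no: int
    rule: str
    value: str
    entropy: float
    verdict: str   # "report" or "suppress"
    reason: str


def shannon_entropy(value: str) -> float:
    """Bits per character: 0 for a repeated character, log2(len) when every character differs."""
    if not value:
        return 0.0
    counts: dict[str, int] = {}
    for ch in value:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def validate_aws_access_key_id(value: str) -> bool:
    """Offline format check only (20 chars, AKIA/ASIA prefix, upper-case alphanumerics).
    This stands in for the provider liveness check the text describes; it does not prove the key works."""
    return len(value) == 20 and value[:4] in ("AKIA", "ASIA") and value.isalnum() and value.isupper()


FORMAT_VALIDATORS = {"aws_access_key_id": validate_aws_access_key_id}


def classify(rule: str, value: str) -> tuple[str, str]:
    """Decide whether a regex candidate is worth paging someone about."""
    lowered = value.lower()
    if any(marker in lowered for marker in PLACEHOLDER_MARKERS):
        return "suppress", "placeholder text"
    validator = FORMAT_VALIDATORS.get(rule)
    if validator is not None:
        # Provider-specific rule: the format check decides, entropy is not informative here.
        return ("report", "format valid") if validator(value) else ("suppress", "format invalid")
    ent = shannon_entropy(value)
    if ent < ENTROPY_THRESHOLD:
        return "suppress", f"low entropy ({ent:.2f} bits/char)"
    return "report", f"high entropy ({ent:.2f} bits/char)"


def scan(lines: list[str]) -> list[Finding]:
    """Run every rule over every line and record the verdict for each candidate."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        for rule, pattern in RULES.items():
            for match in pattern.finditer(line):
                value = match.group(1)
                verdict, reason = classify(rule, value)
                findings.append(Finding(line_no, rule, value, shannon_entropy(value), verdict, reason))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LINES):
        print(f"line {f.line_no:2d}  {f.verdict:8s}  {f.rule:20s}  {f.reason}")
```

Run as-is the scanner reports only the constructed AWS-format key, the high-entropy `token` value and the bearer token from the log line; the documentation placeholders, the all-`a` password and the git SHA never reach the "report" verdict, which is the noise reduction the definition refers to. In practice the "format valid" verdict for a provider rule should be followed by a liveness check (for AWS, a call such as `sts get-access-key-info` on the key ID) so that only live keys page the owner.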
More terms in Secrets
- Credential: Any secret value that proves an identity to a system — a password, API key, OAuth token, TLS private key, SSH key, or JWT. In NHI security, "credential" usually refers to the machine-to-machine secret, not a human password. The word is used interchangeably with "secret" in most operational contexts.
- Secret Sprawl: The condition where credentials, API keys, and tokens are scattered across code repositories, CI systems, environment variable stores, chat messages, wikis, and documents without a single inventory or ownership record. Rotating a single value becomes expensive because the team does not know how many copies exist.
- Credential Leakage: The accidental disclosure of a credential to someone who should not have access — an API key committed to a public repo, a token printed in a log, a secret pasted in Slack, a .env file bundled into a client-side JavaScript build. Different from Secret Sprawl (an inventory problem): leakage is an active exposure event that needs immediate rotation, scope review of what the credential could reach, and forensic review of logs.