Skip to main content

scan

Find secrets in files or directories without modifying anything.

Usage

takumo-aegis scan <path> [options]

Examples

Scan a single file:
takumo-aegis scan ./src/config.ts
Scanning: ./src/config.ts

Found 2 secrets:

  Line 5    Database URL       postgres://admin:***...
  Line 8    Stripe Key         sk_test_EXAMPLE...
Scan a directory:
takumo-aegis scan ./src/
Scanning: ./src/ (24 files)

Found 7 secrets across 4 files:

src/config.ts
  Line 5    Database URL         postgres://admin:***...
  Line 8    Stripe Key           sk_test_EXAMPLE...

src/lib/aws.ts
  Line 12   AWS Access Key       AKIAEXAMPLE...
  Line 13   AWS Secret Key       wJalrXUt***...

src/.env
  Line 1    JWT Secret           [REDACTED]
  Line 3    API Key              [REDACTED]

src/test/fixtures.ts
  Line 22   Test Password        [REDACTED]
Scan with exclusions:
takumo-aegis scan ./src/ --ignore "**/*.test.ts" --ignore "**/fixtures/**"

Options

OptionDescription
--ignore <pattern>Glob pattern to exclude (can use multiple times)
--no-recursiveDon’t scan subdirectories

CI/CD usage

scan exits with code 1 if secrets are found:
# In your CI pipeline
takumo-aegis scan ./src/
if [ $? -eq 1 ]; then
  echo "Secrets detected in source code"
  exit 1
fi
Or as a one-liner:
takumo-aegis scan ./src/ || (echo "Secrets found!" && exit 1)

Supported file types

TypeExtensions
JavaScript/TypeScript.js, .jsx, .ts, .tsx, .mjs
Python.py
Go.go
Rust.rs
Config.json, .yaml, .yml, .toml
Environment.env, .env.*
Binary files are automatically skipped.