Plaintext Secrets
Polyglot source code scanner that detects hardcoded secrets across projects.
What Plaintext Secrets does
Plaintext Secrets scans source trees for hardcoded credentials and records findings without storing the secret value itself. It keeps enough metadata to triage: file path, line number, detector, severity, fingerprint, and false-positive state.
The user-facing Secrets module remains a coming-soon product name while this implementation module provides the scanner and findings table that Observe can render today.
Wire payload
Same shape, three syntaxesThe wire protocol is plain HTTP, plain JSON, HMAC-SHA256. The TypeScript tab uses the SDK; the cURL tab is the raw HTTP equivalent; the Python tab shows the preview SDK shape.
import { createCuittyClient } from "@cuitty/sdk";
const cuitty = createCuittyClient({
observeUrl: "https://observe.cuitty.com",
projectId: process.env.CUITTY_PROJECT_ID!,
apiKey: process.env.CUITTY_API_KEY!,
});
cuitty.start();
await cuitty.emit({
type: "secret:detected",
timestamp: new Date().toISOString(),
data: {
file: "src/config.ts",
line: 42,
detector: "aws-access-key",
severity: "high",
fingerprint: "sha256:...",
},
});
Database schema
Excerpt from observe/modules/plaintext-secrets/schema.sql.
One libSQL file per module — back it up with cp.
CREATE TABLE IF NOT EXISTS plaintext_secret_findings (
id TEXT PRIMARY KEY,
file_path TEXT NOT NULL,
line_number INTEGER,
detector TEXT NOT NULL,
severity TEXT NOT NULL,
fingerprint TEXT NOT NULL,
false_positive INTEGER DEFAULT 0
);Related modules
Audit
Comprehensive audit logging for all admin actions with before/after diffs.
Secrets
User-facing security module name reserved while plaintext-secrets remains the active implementation.
Configs
Configuration management and synchronization with versioning and a diff viewer.