#secret #credentials #cli-tool #cli

bin+lib fencer

A mini CLI tool to scan creds and secrets in source code

3 releases (stable)

1.1.0 Aug 9, 2022
1.0.0 Aug 1, 2022
0.1.0 Aug 1, 2022

#59 in #credentials

Download history 17/week @ 2024-02-21 11/week @ 2024-02-28 17/week @ 2024-03-27 38/week @ 2024-04-03

55 downloads per month

MIT license

202 lines



Fencer is a mini-CLI tool that can used to scan various kind of secrets/credentials that are hardcoded into a project source code files


  • Identiying the secrets injected into the source code and outputs it along with the kind of secret (Eg: AWS Creds, Github Personal Access Token)

  • Exluding sub-dirs within the project that does not have UTF 8 encoded files like build/, target/


(Back to top)

Installation Using Cargo

If you installed Cargo, the official Rust Package manager, run the following command:

cargo install fencer



Installing the executable directly

If rust/cargo isn't installed on your machine, you can directly install the executable from the repo's release page

Building the docker locally

This repo comes in with a Dockerfile that can be built and run locally

docker build -t fencer:local .

Usage Examples

(Back to top)


Local Execution

 fencer --help
Fencer 1.0.0
Naresh, nareshbalajia@mail.com
A mini CLI tool to scan creds and secrets in source code

    fencer [OPTIONS] --project_dir <project_dir>

    -e, --exclude_paths <exclude_paths>
            The directories to exclude for the scan [default: target build .git]

    -h, --help
            Print help information

    -p, --project_dir <project_dir>
            Input the relative path to the project dirs

    -V, --version
            Print version information


Docker Execution

Mounting the project directory using the docker run command would enable the tool to be run via Docker

docker run -v "$(pwd)"/<project_dir_path>:/app -it nareshbalajia/fencer:latest --project_dir /app

Supported Secrets

(Back to top)

Secret Type Match Pattern
amazon_mws_auth_token REGEX
authorization_basic REGEX
authorization_bearer REGEX
authorization_api REGEX
google_api REGEX
google_oauth REGEX
heroku_api REGEX
firebase REGEX
facebook_access_token REGEX
github_access_token REGEX
ssh_rsa String Match
ssh_ec String Match
passwords REGEX/String Match


~171K SLoC