Expand description
Core types shared across all KeyHog crates.
Defines the Source trait for pluggable input backends, DetectorSpec
for TOML-based pattern definitions, [Finding] for scanner output,
DedupedMatch for grouped findings, and [Report] for structured result
formatting.
Re-exports§
Modules§
- allowlist
- Credential/path allowlist parsing and matching.
Allowlist support:
.keyhogignorefile parsing for suppressing known false positives by path glob, detector ID, or credential hash. - banner
- config
- Configuration system for KeyHog scanning options. Configuration for KeyHog scanning and verification.
- registry
- Global registry for pluggable components (Sources, Verifiers). This allows adding new features in a single file without modifying the core.
- report
- Reporting logic for scan results.
- serde_
arc_ str - serde_
arc_ str_ opt
Structs§
- Chunk
- A scannable chunk of text with metadata about where it came from.
- Chunk
Metadata - Metadata that tracks the source location for a scanned chunk.
- Companion
Spec - Secondary pattern used to confirm a primary match or provide extra context.
- Deduped
Match - A group of related raw matches representing a single distinct secret finding.
- Detector
File - Wrapping struct for a detector TOML file.
- Detector
Spec - A complete detector definition loaded from a TOML file.
- Header
Spec - Custom HTTP header specification.
- Match
Location - Where a credential was found: file path, line number, commit, and author.
- Metadata
Spec - Metadata field specification for verification results.
- Pattern
Spec - A regex pattern with optional capture group and description.
- RawMatch
- A raw pattern match before verification or deduplication.
- Step
Spec - A single step in a multi-step verification flow.
- Success
Spec - Criteria for a successful verification response.
- Verified
Finding - A finding after verification — the final output.
- Verify
Spec - Live verification configuration for a detector.
Enums§
- Auth
Spec - Authentication scheme for verification requests.
- Dedup
Scope - Deduplication scope for grouping findings.
- Http
Method - HTTP method for verification requests.
- Quality
Issue - Quality issue found in a detector spec.
- Severity
- Severity level for a finding.
- Source
Error - Errors returned by input sources while enumerating or reading content.
- Spec
Error - Errors returned while loading or validating detector specifications.
- Verification
Result - Result of live verification: whether the credential is active, revoked, or untested.
Traits§
- Source
- Produces chunks of text for the scanner to process. Each implementation handles a different input source.
Functions§
- dedup_
matches - Deduplicate raw matches according to the given
DedupScope. - embedded_
detector_ tomls - Load detectors from embedded data (compiled into the binary). Returns detector TOML strings that can be parsed by the spec loader.
- load_
detector_ cache - Load detectors from a JSON cache file. Returns None if cache is stale or missing.
- load_
detectors - Load all detector specs from a directory of TOML files. Runs quality gate on each detector. Rejects detectors with errors, warns on issues.
- load_
detectors_ with_ gate - Load detectors with optional quality gate enforcement.
When
enforce_gateistrue, detectors with quality errors are skipped. - redact
- Redact a sensitive credential string for safe display.
- save_
detector_ cache - Save detectors to a JSON cache file for fast subsequent loads.
- validate_
detector - Validate a detector spec against the quality gate.