Skip to content

Secrets Detection

Open In Colab

This detector looks for API Keys, Tokens, Private Keys, JWT, etc. and replaces it with ****. Basically this detector makes sure that your prompts do not contain secrets that can be used to perform actions on your behalf.

Tip

Check prerequisites before proceeding further.

Policies

There are currently no policies to tweak for the Secrets Detector. It works automagically.

API

Usage

import os
import requests

endpoint = "https://api.zenguard.ai/v1/detect/secrets"

headers = {
    "x-api-key": os.getenv("ZEN_API_KEY"),
    "Content-Type": "application/json",
}

data = {
    "messages": ["Just use 7Jjs7ytGUkOicKStFSYDT3BlbkFJQld0UnUOFyRpt7kE2ERn to send the message to LLM"]
}

response = requests.post(endpoint, json=data, headers=headers)
if response.json()["is_detected"]:
    print("Secrets detected. The damage averted.")
else:
    print("No secrets detected: good job.")

curl -X POST https://api.zenguard.ai/v1/detect/prompt_injection \
    -H "x-api-key: $ZEN_API_KEY" \
    -H "Content-Type: application/json" \
    -d '{
        "messages": ["Just use 7Jjs7ytGUkOicKStFSYDT3BlbkFJQld0UnUOFyRpt7kE2ERn to send the message to LLM."]
    }'

Response Example: 

{
    "is_detected": true,
    "score": 1.0,
    "sanitized_message": "Just use **** to send the message to LLM."
}

  • is_detected(boolean): Indicates whether a secret was detected in the provided message. In this example, it is True since the prompt contains an API key.
  • score(float: 0.0 - 1.0): A score representing the certainty of the Secrets detection. Here, it is 1.0.
  • sanitized_message(string or null): This field contains the sanitized version of the message. In this example the API key was replaced with ****.

Error Codes:

- `401 Unauthorized`: API key is missing or invalid.
- `400 Bad Request`: Request body is malformed.
- `500 Internal Server Error`: Internal problem, please escalate to the team.

Client

Detect Secrets:

import os
from zenguard import Credentials, Detector, ZenGuard, ZenGuardConfig

api_key = os.environ.get("ZEN_API_KEY")
config = ZenGuardConfig(credentials=Credentials(api_key=api_key))
zenguard = ZenGuard(config=config)

message="Just use 7Jjs7ytGUkOicKStFSYDT3BlbkFJQld0UnUOFyRpt7kE2ERn to send the message to LLM"
response = zenguard.detect(detectors=[Detector.SECRETS], prompt=message)
if response.get("is_detected"):
    print("Secrets detected. The damage averted.")
else:
    print("No secrets detected: good job.")