{"id":28456173,"url":"https://github.com/bytehide/bytehide-secrets-scanner-dotnet","last_synced_at":"2026-02-02T03:35:44.294Z","repository":{"id":280852968,"uuid":"943397991","full_name":"bytehide/bytehide-secrets-scanner-dotnet","owner":"bytehide","description":"ByteHide Secrets Scanner for .NET – Automatically detect and protect your code from exposing sensitive data (API keys, tokens) at build time.","archived":false,"fork":false,"pushed_at":"2025-03-05T16:43:44.000Z","size":14,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-03-05T17:40:09.843Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bytehide.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-03-05T16:36:29.000Z","updated_at":"2025-03-05T16:43:47.000Z","dependencies_parsed_at":"2025-03-05T17:40:18.580Z","dependency_job_id":"0355224c-1a36-447e-8954-15a797531b5a","html_url":"https://github.com/bytehide/bytehide-secrets-scanner-dotnet","commit_stats":null,"previous_names":["bytehide/bytehide-secrets-scanner-dotnet"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bytehide%2Fbytehide-secrets-scanner-dotnet","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bytehide%2Fbytehide-secrets-scanner-dotnet/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bytehide%2Fbytehide-secrets-scanner-dotnet/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bytehide%2Fbytehide-secrets-scanner-dotnet/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bytehide","download_url":"https://codeload.github.com/bytehide/bytehide-secrets-scanner-dotnet/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bytehide%2Fbytehide-secrets-scanner-dotnet/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":258485480,"owners_count":22708931,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-06-06T22:40:27.054Z","updated_at":"2026-02-02T03:35:39.253Z","avatar_url":"https://github.com/bytehide.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Bytehide Secrets Scanner for .NET ⚡\n\n![Bytehide.Secrets.Scanner - Prevent secret leaks in .NET code with an AI-powered scanner that detects and protects API keys, tokens, and credentials.](https://www.bytehide.com/wp-content/uploads/2025/03/bytehide-secrets-scanner-for-dotnet.png)\n\n**Bytehide.Secrets.Scanner** is a lightweight, powerful secret detection tool for .NET projects. It integrates directly into your build process to scan and protect your code from accidentally exposing sensitive data such as API keys, tokens, and passwords. It goes beyond traditional scanners by also analyzing your **post-compilation binaries** and offering advanced AI-based detection (in its advanced version) with a secure, zero-knowledge approach.\n\n[![NuGet](https://img.shields.io/nuget/v/Bytehide.Secrets.Scanner.svg?style=flat-square)](https://www.nuget.org/packages/Bytehide.Secrets.Scanner/)\n[![NuGet Downloads](https://img.shields.io/nuget/dt/Bytehide.Secrets.Scanner.svg?style=flat-square)](https://www.nuget.org/packages/Bytehide.Secrets.Scanner/)\n[![License](https://img.shields.io/badge/license-Apache--2.0-blue.svg?style=flat-square)](https://github.com/ByteHide/bytehide-secrets-scanner-dotnet/blob/main/LICENSE)\n\n\n---\n\n## Important Security Notice\n\n**Stay Cool \u0026 Secure:**\n- **Local \u0026 Private:** All scanning is performed on your machine. Neither your source code nor your binaries ever leave your environment—total privacy guaranteed!\n- **Beyond Source Code:** Unlike other scanners, Bytehide.Secrets.Scanner goes the extra mile by scanning your **post-compilation binaries**. This means it can catch secrets that might be injected during the build process and hidden from plain sight in your source code.\n\nEnjoy the peace of mind knowing that your secrets are covered from every angle.\n\n---\n\n## Compatibility\n\n**Bytehide.Secrets.Scanner** works with any .NET application, including **.NET Standard 2.0+, .NET Framework 4.7.2+, .NET 6, .NET 7, ASP.NET, .NET MAUI**, and more. If your project compiles under .NET, you can integrate this scanner.\n\n---\n\n## Installation\n\nYou can install **Bytehide.Secrets.Scanner** from NuGet.org:\n\n\u003cdetails\u003e\n  \u003csummary\u003e\u003cstrong\u003e.NET CLI\u003c/strong\u003e\u003c/summary\u003e\n\n```bash\ndotnet add package Bytehide.Secrets.Scanner\n```\n\u003c/details\u003e\n\n\u003cdetails\u003e\n  \u003csummary\u003e\u003cstrong\u003ePackage Manager Console in Visual Studio\u003c/strong\u003e\u003c/summary\u003e\n\n```powershell\nInstall-Package Bytehide.Secrets.Scanner\n```\n\u003c/details\u003e\n\n\u003cdetails\u003e\n  \u003csummary\u003e\u003cstrong\u003ePackageReference\u003c/strong\u003e\u003c/summary\u003e\n\n```xml\n\u003cPackageReference Include=\"Bytehide.Secrets.Scanner\" Version=\"1.0.0\"\u003e\n  \u003cPrivateAssets\u003eall\u003c/PrivateAssets\u003e\n  \u003cIncludeAssets\u003eruntime; build; native; contentfiles; analyzers\u003c/IncludeAssets\u003e\n\u003c/PackageReference\u003e\n```\n\u003c/details\u003e\n\n---\n\n## Getting Started\n\n### 1. Get Your Free Token\n\nCreate a free account at [cloud.bytehide.com/register](https://cloud.bytehide.com/register). In under two minutes, you can set up a **.NET Secrets project**:\n\n1. Sign up or sign in to the ByteHide Cloud.\n2. Create a new project and select **Secrets**.\n3. Copy the **Project Token** shown in your project's dashboard.\n\nFor more details, check out our [official guide](https://www.bytehide.com/docs/platforms/dotnet/products/secrets/create-secrets-project).\n\n### 2. Create the Configuration File\n\nIn your .NET project, create a file named `bytehide.secrets.json` with the following content:\n\n```json\n{\n  \"Name\": \"My Configuration\",\n  \"Environment\": \"production\",\n  \"ProjectToken\": \"\u003cYour project token here\u003e\",\n  \"RunConfiguration\": \"*\",\n  \"Enabled\": true,\n  \"DisplayCode\": false,\n  \"Actions\": {\n    \"export\": {\n      \"enabled\": true,\n      \"encrypt\": false,\n      \"prefix\": \"auto_\"\n    }\n  }\n}\n```\n\n- **Environment:** The environment (e.g., \"production\") for exporting secrets.\n- **ProjectToken:** Your token from step 1.\n- **RunConfiguration:** When to run the scanner (e.g., \"debug\", \"release\", or \"*\" for all).\n- **Enabled:** Enable or disable the scanner (`true` / `false`).\n- **DisplayCode:** If `true`, stores the code location of the secret in the ByteHide web panel (useful for auditing).\n- **Actions:** Customize behavior such as exporting to the ByteHide secrets manager, sending alerts, or encrypting secrets in the final binary.  \n  - **export.enabled:** Export the detected secrets to the ByteHide secrets manager.  \n  - **export.encrypt:** Obfuscate/encrypt the secret key in the final binary to add extra protection against reverse engineering.  \n  - **export.prefix:** A prefix to distinguish automatically exported secrets.\n\n\u003e **SECURITY WARNING**  \n\u003e  \n\u003e **Never publish or include your `bytehide.secrets.json` file** in:  \n\u003e - Public Git repositories (add it to `.gitignore`).  \n\u003e - Production servers or containers.  \n\u003e - Distributed NuGet packages (`.nupkg`).  \n\u003e - Mobile app bundles (APK/IPA).  \n\u003e  \n\u003e This file contains sensitive configuration data and must remain private.  \n\u003e Make sure to exclude it from all build outputs and deployment assets to prevent unauthorized access.\n\n\n### 3. Build and Scan\n\nWith the `bytehide.secrets.json` file in place and **Bytehide.Secrets.Scanner** installed, simply build your project. The scanner will:\n\n- Check if `\"Enabled\": true` and if your current build configuration matches `\"RunConfiguration\"`.\n- Scan both source code and **post-compilation binaries**.\n- Automatically export secrets to the ByteHide manager if configured.\n\n### 4. Manage and Review\n\n![Secrets automatic detection in dotnet](https://www.bytehide.com/wp-content/uploads/2025/03/Screenshot-2025-03-05-at-16.31.46.png)\n\nAll analysis and detections appear automatically in the ByteHide dashboard. If **Actions** are configured to `\"export\"`, the secrets will also be stored in the integrated ByteHide secrets manager—no need for extra services like Azure Key Vault.  \n\nYou can also configure alerts to be sent to Slack, Microsoft Teams, email, or any webhook you define. If you prefer, you can fail the build on secret detection or simply log a warning.\n\n---\n\n## Usage Examples\n\n### Automatic Secret Detection\n\nWhen integrated, the scanner will process your code during builds. For example, if your code contains a hardcoded API key:\n\n```csharp\n// Before: Sensitive data exposed\nstring apiKey = \"sk_live_ABC123XYZ789\";\n\n// After: The scanner detects and transforms the secret\nstring apiKey = secure(\"i19k\"); // The real value is hidden or exported\n```\n\n\u003e The exact replacement format (e.g., `secure(\"i19k\")`) depends on your configuration. In all cases, the real secret value is protected.\n\n### Manual Secret Marking\n\nIf you need more granular control, install **ByteHide.ToolBox** and use the provided markers:\n\n```csharp\nusing Bytehide.ToolBox.Secrets;\n\npublic class MyService\n{\n    [SecretsMarker.ThisIsASecret]\n    private string connectionString = \"Server=myServer;User Id=myUser;Password=myPassword;\";\n}\n\n// Alternatively:\nvar password = SecretsMarker.ThisIsASecret(\"drowssap\", \"database_password\");\n\n// Or extension methods:\nvar password = \"drowssap\".IsASecret(\"my_db_password\");\nvar password = \"drowssap\".IsASecret();\n```\n\n---\n\n## Benefits and Use Cases\n\n- **Enhanced Security:** Prevent accidental exposure of credentials in source code or compiled binaries.\n- **Compliance:** Helps meet security standards and regulatory requirements by ensuring sensitive data is protected.\n- **Seamless Integration:** Works automatically with your existing development and CI/CD tools, plus a built-in secrets manager.\n- **Time-Saving:** Automates secret detection, letting you focus on building features rather than manual code reviews.\n\n---\n\n## Why Choose Bytehide.Secrets.Scanner?\n\n- **Advanced AI Detection (Zero-Knowledge):** Tailor the scanner to match your project's unique requirements with privacy in mind.\n- **Effortless Integration:** Easy to set up within your build process without invasive changes.\n- **Cross-Platform Compatibility:** Supports the most widely used .NET frameworks and environments.\n- **Built-In Secrets Manager:** No need for additional tools like Azure Key Vault. Export your secrets automatically to the ByteHide manager at no extra cost.\n- **Comprehensive Documentation and Community Support:** Access detailed guides and join an active community for assistance and improvements.\n\n---\n\n## Get Started Today!\n\n**Secure your code now!**  \nDon't risk exposing sensitive information.  \n- [Create your free account](https://cloud.bytehide.com/register) and get a token.  \n- [Install Bytehide.Secrets.Scanner](https://www.nuget.org/packages/Bytehide.Secrets.Scanner) to experience automated protection for your projects.  \n- Learn more in our [official documentation](https://bytehide.com/docs/platforms/dotnet/products/secrets).\n\n![Bytehide.Secrets.Scanner - Prevent secret leaks in .NET code with an AI-powered scanner that detects and protects API keys, tokens, and credentials.](https://www.bytehide.com/wp-content/uploads/2025/03/bytehide-secrets-scanner-for-dotnet.png)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbytehide%2Fbytehide-secrets-scanner-dotnet","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbytehide%2Fbytehide-secrets-scanner-dotnet","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbytehide%2Fbytehide-secrets-scanner-dotnet/lists"}