Secret Scanner Installation
Before you begin
You'll need:
- A ByteHide account and project token
- Java 11 or higher installed
- Node.js 16+ installed (required by the scanner engine)
Installation Options
Choose your preferred installation method:
Download Pre-built JAR
Download the latest bytehide-secrets-scanner.jar from the releases page.
Build from Source
git clone https://github.com/bytehide/bytehide-secrets-scanner-wrappers.git
cd bytehide-secrets-scanner-wrappers/wrappers/java
mvn clean packagegit clone https://github.com/bytehide/bytehide-secrets-scanner-wrappers.git
cd bytehide-secrets-scanner-wrappers/wrappers/java
mvn clean packageThis will create target/bytehide-secrets-scanner.jar.
Basic Setup
After installation, initialize the scanner configuration:
java -jar bytehide-secrets-scanner.jar initjava -jar bytehide-secrets-scanner.jar initThis interactive command will create a bytehide.secrets.json file in your project root directory:
{
"token": "<your-project-token>",
"appName": "My Java Project",
"environment": "development",
"sync": true,
"fix": false,
"anonymize": false
}{
"token": "<your-project-token>",
"appName": "My Java Project",
"environment": "development",
"sync": true,
"fix": false,
"anonymize": false
}Security Warning
Never commit your bytehide.secrets.json file to source control. Add it to your .gitignore file.
Verify Installation
After installation, run a scan to verify everything is working:
java -jar bytehide-secrets-scanner.jar scanjava -jar bytehide-secrets-scanner.jar scanThe scanner will automatically:
- Check if scanning is enabled for your configuration
- Scan source code for secrets
- Report any findings to your ByteHide dashboard
- Export detected secrets to your ByteHide Secrets Manager (if configured)
Maven Integration
You can integrate the scanner into your Maven build process using the Exec Maven Plugin:
<build>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>exec-maven-plugin</artifactId>
<version>3.1.0</version>
<executions>
<execution>
<id>scan-secrets</id>
<phase>validate</phase>
<goals>
<goal>exec</goal>
</goals>
<configuration>
<executable>java</executable>
<arguments>
<argument>-jar</argument>
<argument>${project.basedir}/bytehide-secrets-scanner.jar</argument>
<argument>scan</argument>
<argument>.</argument>
</arguments>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build><build>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>exec-maven-plugin</artifactId>
<version>3.1.0</version>
<executions>
<execution>
<id>scan-secrets</id>
<phase>validate</phase>
<goals>
<goal>exec</goal>
</goals>
<configuration>
<executable>java</executable>
<arguments>
<argument>-jar</argument>
<argument>${project.basedir}/bytehide-secrets-scanner.jar</argument>
<argument>scan</argument>
<argument>.</argument>
</arguments>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>Now mvn validate will run the secrets scanner before building.
Gradle Integration
For Gradle projects, add a task to your build.gradle:
task scanSecrets(type: Exec) {
commandLine 'java', '-jar', 'bytehide-secrets-scanner.jar', 'scan', '.'
}
build.dependsOn scanSecretstask scanSecrets(type: Exec) {
commandLine 'java', '-jar', 'bytehide-secrets-scanner.jar', 'scan', '.'
}
build.dependsOn scanSecretsScanner Workflow
The Secret Scanner integrates into your development workflow:
- Installation: Download the JAR or build from source
- Configuration: Set up the scanner via the JSON file or init command
- Scanning: Run manually or automatically during builds
- Reporting: Detected secrets appear in your ByteHide dashboard
- Action: Export, fix, or receive alerts about found secrets