Secret Scanner Installation
Before you begin
You'll need:
- A ByteHide account and project token
- Node.js 14.x or higher installed
- npm 6.x or higher or yarn 1.x or higher
Installation Options
Choose your preferred installation method:
npm
npm install @bytehide/secrets-scanner --save-dev
yarn
yarn add @bytehide/secrets-scanner --dev
Basic Setup
After installation, create a bytehide.secrets.json file in your project root directory:
{
  "token": "<your-project-token>",
  "appName": "My JavaScript Project",
  "environment": "development",
  "sync": true,
  "reportFormat": "json",
  "anonymize": false,
  "fix": true
}
Alternatively, use the initialization command for an interactive setup:
npx bytehide-secrets init
Security Warning
Never commit your bytehide.secrets.json file or tokens to source control. Add it to your .gitignore file and consider using environment variables instead.
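One way to follow this advice, shown as an added example (not ByteHide's own code): a small Node.js helper that writes bytehide.secrets.json from an environment variable just before the scan and makes sure the file is listed in .gitignore. The variable name BYTEHIDE_SECRETS_TOKEN and the function writeScannerConfig are assumptions made for this sketch; the config keys and values are the ones from Basic Setup.

```javascript
// Added example: build bytehide.secrets.json from the environment so the token
// never lives in the repository. BYTEHIDE_SECRETS_TOKEN is a hypothetical
// variable name chosen for this sketch, not one defined by the scanner.
const fs = require('fs');
const path = require('path');

const CONFIG_FILE = 'bytehide.secrets.json';

function writeScannerConfig(projectDir, env = process.env) {
  const token = env.BYTEHIDE_SECRETS_TOKEN;
  if (!token || token.startsWith('<')) {
    // Fail closed rather than writing an empty or placeholder token.
    throw new Error('BYTEHIDE_SECRETS_TOKEN is not set');
  }

  // Same keys and values as the Basic Setup example; only the token varies.
  const config = {
    token,
    appName: 'My JavaScript Project',
    environment: 'development',
    sync: true,
    reportFormat: 'json',
    anonymize: false,
    fix: true,
  };

  const configPath = path.join(projectDir, CONFIG_FILE);
  // Owner-only permissions; chmod too, since mode is ignored for existing files.
  fs.writeFileSync(configPath, JSON.stringify(config, null, 2) + '\n', { mode: 0o600 });
  fs.chmodSync(configPath, 0o600);

  // Ensure the generated file cannot be staged by accident.
  const ignorePath = path.join(projectDir, '.gitignore');
  const existing = fs.existsSync(ignorePath) ? fs.readFileSync(ignorePath, 'utf8') : '';
  const entries = existing.split(/\r?\n/).map((line) => line.trim());
  const ignored = entries.includes(CONFIG_FILE) || entries.includes('/' + CONFIG_FILE);
  if (!ignored) {
    const sep = existing === '' || existing.endsWith('\n') ? '' : '\n';
    fs.appendFileSync(ignorePath, sep + CONFIG_FILE + '\n');
  }
  return { configPath, addedToGitignore: !ignored };
}

module.exports = { writeScannerConfig };
```

Call writeScannerConfig(process.cwd()) from a script that runs before the scan, for example in CI where the token is injected as a secret variable.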
Verify Installation
After installation, run a scan to verify everything is working:
npx bytehide-secrets scan
The scanner will automatically:
- Check if scanning is enabled for your configuration
- Scan both source code and compiled artifacts for secrets
- Report any findings to your ByteHide dashboard
- Export detected secrets to your ByteHide Secrets Manager (if configured)
Prebuild Integration
For automatic scanning before each build, add a prebuild script to your package.json:
{
  "scripts": {
    "prebuild": "bytehide-secrets scan",
    "build": "your-build-command"
  }
}
This ensures the scanner runs automatically whenever you build your project:
npm run build
Scanner Workflow
The Secret Scanner integrates into your development workflow:
- Installation: Add the npm/yarn package to your project
- Configuration: Set up the scanner via the JSON file or init command
- Scanning: Run manually or automatically during builds
- Reporting: Detected secrets appear in your ByteHide dashboard
- Action: Export, fix, or receive alerts about found secrets