Secrets Detection
Find leaked credentials on disk, in git history, and in public web responses. AI classifier triages matches before promotion. Verified-live secrets flagged for immediate rotation.
WASViking® covers leaked credentials in two parallel places: where they hide on disk inside the customer environment, and where they accidentally surface on the public web.
Coverage maps to OWASP A07:2021 (Identification and Authentication Failures) and CWE-798 (Use of Hard-coded Credentials).
How a detection becomes a Finding
Sentinel scans source tree
│
▼
Detector match (32 patterns)
│
▼
AI classifier (real_secret / placeholder / test_fixture)
│
├─▶ suppressed (test, doc, placeholder), kept in submission
│ for audit, not promoted to Findings
│
▼
Promoted to Findings workflow (category: token_exposure, CWE-798)
│
▼
Live verification (optional, 10 detectors)
│
▼
Findings flagged "VERIFIED LIVE" for triage priority
Premise-side: wasviking-sentinel secrets
32 detectors, 10 of them with live verification. Raw secrets never leave the host. Only a SHA-256 hash and a masked preview reach WASViking.
See wasviking-sentinel secrets for the full agent reference.
Detector tiers
Detectors are grouped by tier, which drives default severity and helps operators prioritize:
| Tier | Detectors include | Default severity |
|---|---|---|
| Cloud | AWS access keys, AWS secret keys, AWS session tokens, Azure client secrets, GCP service account JSON, Azure connection strings. | High |
| Payments | Stripe (live and test), SendGrid, Twilio. | High |
| VCS | GitHub PAT (classic and fine-grained), GitHub app installation tokens, GitLab PAT, GitLab runner tokens. | High |
| Comms | Slack bot tokens, Slack user tokens, Slack webhooks, PagerDuty integration keys. | Medium-High |
| Database | Postgres / MySQL / MongoDB / Redis connection URIs with credentials embedded. | High |
| Keys | RSA, EC, OpenSSH private keys. | High |
| Generic | High-entropy strings that look like credentials but do not match a specific provider pattern. | Medium |
Cloud-side detection
The parallel leak class is secrets exposed in HTML, JSON, and
JavaScript responses on the public web. WASViking applies the same
pattern catalog to scan responses during a DAST run. Matches feed the
same token_exposure Findings pipeline.
The AI classifier
Pattern matching alone produces noise. WASViking routes every match through an AI classifier before promotion. The classifier reads the match in its file or response context and returns one of:
| Verdict | What happens |
|---|---|
real_secret |
Promoted to a Finding. Confidence is recorded. |
placeholder |
Suppressed. Counted under "test / docs / placeholder". |
test_fixture |
Suppressed. |
uncertain |
Promoted, but flagged for operator review. |
The classifier verdict is rendered alongside the match in the portal:
AI classification:
real_secret(confidence 80%). Detectoraws_access_keymatched a provider-shaped credential.
Suppressions are kept in the submission record so an operator can audit what the classifier filtered, but they do not appear as Findings.
Privacy guarantee
- Agent. Raw secret held in memory only long enough to verify (if requested), then discarded. Submission payload carries hash, masked preview, and the verifier result. Nothing else.
- Cloud. The matched substring is the only secret material the platform sees. A masked preview is rendered in the portal; the raw match is only visible to operators with the right scope, on explicit reveal.
False-positive controls
In order of how they fire:
- Path-based suppression for
*.test.*,__tests__/,/docs/and similar canonical test paths. - Pattern-based suppression for canonical placeholders
(
EXAMPLE,PLACEHOLDER,XXXX). - AI classifier as the final layer. Sees the match in context
and decides
real_secret/placeholder/test_fixture/uncertain. - Per-detector quality score. Low-quality detectors are gated by config and contribute lower default severity.
The classifier's confidence is exposed in the portal so the
operator can spot-check borderline cases.
In the portal: Hard-coded Secrets
The inventory lives at Inventory → Secrets in the portal sidebar.
List view
Header stats summarize the org-wide state:
| Stat | Meaning |
|---|---|
| Submissions | How many secret-scan submissions are in the inventory. |
| With verified-live matches | Submissions that contain at least one live-verified credential. |
| Open secret findings | Currently open Findings of category token_exposure. |
Filters:
| Filter | What it does |
|---|---|
| Target | Substring search by target name. |
| Verified live only | Toggle. Limits the list to submissions with at least one verified-live match. |
Table columns:
| Column | What it shows |
|---|---|
| Submitted | Timestamp of the submission. |
| Target | The asset the scan ran against, as the agent reported it. |
| Source | The submission source (sentinel_run, cloud_dast, manual_intake). |
| Files | Number of files scanned in this submission. |
| Matches | Raw detections, including suppressed. |
| Verified live | Number of credentials verified live with the provider. |
| Findings | Number of Findings promoted from this submission. |
| Severity | Severity distribution badges (HIGH · 4, MEDIUM · 2). |
Submission detail
Click any row to open the submission detail. It carries the agent identity, the host that produced it, the runtime version, and a breakdown.
Top cards:
| Card | Meaning |
|---|---|
| Files scanned | Total files walked, plus the cumulative byte size. |
| Matches | Raw detector hits (before AI suppression). |
| Verified live | Hits confirmed live with the provider. |
| Findings promoted | Hits that became Findings under the workflow. |
| Suppressed | Hits the AI classifier ruled placeholder or test_fixture. |
Detector breakdown table shows, per detector:
| Column | Meaning |
|---|---|
| Detector | Detector identifier (aws_access_key, sendgrid_api_key, generic_high_entropy, etc.). |
| Provider | Vendor (AWS, SendGrid, Azure, Generic). |
| Tier | The category tag (CLOUD, PAYMENTS, GENERIC). |
| Matches | Match count for this detector in this submission. |
| Verified live | Live-verified subset. |
| Severity | Severity distribution. |
Top Findings lists the highest-risk matches with full context:
- Severity, verification state (VERIFIED LIVE / UNVERIFIED), tier badges.
- File path with line number.
- Masked preview (
AKIA••••••••••••OTAU) and the entropy score. - A code excerpt with the masked secret highlighted.
- AI classifier verdict and confidence.
- CWE mapping, status, seen count, deep link to the canonical Finding.
Manual Leak Intake
For security teams that already subscribe to breach feeds, the Manual Leak Intake page lets operators ingest known-leaked credentials and have the platform match them across the inventory.
Scope: sca:ioc (shared with manual SBOM IOC). Same lifecycle as
agent-submitted matches: AI classifier → optional verification →
Findings workflow.
Where it lives in the portal
- Inventory → Secrets: submissions inventory + submission detail.
- Inventory → Manual Leak Intake: operator-supplied indicators.
- Findings: filter by category
token_exposureorcredential_exposure. - Settings → API Keys:
secrets:submitscope for agents.
What it does NOT do
- No raw secret leaves the customer environment. Hash + masked preview only.
- No automatic rotation. Verified-live matches are flagged so the team can rotate them; WASViking does not call provider rotation APIs.
- No public web crawling beyond the configured DAST surface. Cloud-side detection runs against the scan responses your scan configuration already produces.