GhostEnv Tool Stores Dev Secrets in OS Keychain to Prevent Git Leaks
GhostEnv is a new open-source, language-agnostic developer tool designed to prevent accidental exposure of API keys and authentication secrets in Git repositories. It integrates with Git pre-commit hooks, pausing commits when its AST and regex scanner detects secrets in staged files and prompting the developer interactively before any changes are made. A companion command called 'ghostenv run' wraps any process and injects credentials directly from the native OS keychain — such as macOS Keychain, Windows Credential Manager, or Linux Secret Service — into transient process memory. Secrets are never written to local disk and are cleared from memory once the child process exits, leaving no local footprint. The tool claims sub-300ms execution and works across languages and frameworks without requiring language-specific hooks or library imports.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
Discussion (0)
Log in to join the discussion and vote.
Log in