
How secret scanning works

What's this blog post about?

HCP Vault Radar is a new extension to HashiCorp Vault that conducts ongoing reconnaissance for unsecured secrets stored as plain text in code repositories, configuration tools, DevOps tools, and collaboration platforms. Secret scanning helps identify and prevent the security threats posed by exposed sensitive information such as passwords, API keys, and other credentials. HCP Vault Radar uses a hybrid scanning approach, combining regular expressions with dictionaries, to find leaked secrets and sensitive information. It supports Git-based source control tools such as GitHub, GitLab, and Bitbucket, and can be run as automated scans over whole code repositories or integrated into developers' native workflows by scanning commits and pull requests. HCP Vault Radar covers the relevant locations where secrets may be found, uses the hybrid approach for accuracy, offers monitoring and alerting, prioritizes results by risk, and allows scanning rules to be customized to an organization's needs.
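The summary above describes three mechanisms: regex rules for credentials with a known format, a dictionary (keyword) rule for values whose format is unknown, and risk-based prioritization, applied either to a whole repository or only to the lines added in a commit or pull request. The toy scanner below, added here as an illustration and not HashiCorp's or Vault Radar's code, shows how those pieces fit together. The rule names, severity labels, keyword list, placeholder heuristic and sample inputs are this example's own assumptions; the AWS access key ID shape (AKIA plus 16 uppercase alphanumerics) and the GitHub "ghp_" token prefix are publicly documented formats, and the sample AWS value is the placeholder key from AWS documentation, not a real credential.

```python
"""Toy hybrid secret scanner: regex detectors for known credential formats,
a dictionary (keyword) detector for assignment-like lines, risk-ranked output,
and a mode that scans only the added lines of a unified diff.
Illustrative example; not HashiCorp's Vault Radar implementation."""
import re
from dataclasses import dataclass

# Regex detectors for credentials with a fixed, recognisable format.
# Severity labels are this example's own choice.
REGEX_RULES = [
    ("private_key_block", re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"), "critical"),
    ("aws_access_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b"), "high"),
    ("github_pat", re.compile(r"\bghp_[A-Za-z0-9]{36}\b"), "high"),
]

# Dictionary detector: a key name containing one of these words, assigned a
# value of 8+ non-blank characters, is flagged at medium severity.
KEYWORDS = ("password", "passwd", "secret", "api_key", "apikey", "token")
ASSIGNMENT = re.compile(r"\b([A-Za-z_][A-Za-z0-9_]*)\s*[:=]\s*['\"]?([^'\"\s]{8,})")
# Templated or placeholder values: the usual false-positive source for
# dictionary rules, so they are filtered out (assumed list).
PLACEHOLDERS = {"changeme", "password", "example", "xxxxxxxx"}

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


@dataclass(frozen=True)
class Finding:
    rule: str
    severity: str
    line_no: int
    redacted: str  # never carry the full secret into the report


def redact(value: str) -> str:
    return value[:4] + "..." if len(value) > 4 else "..."


def is_placeholder(value: str) -> bool:
    v = value.strip()
    return (v.lower() in PLACEHOLDERS
            or v.startswith(("${", "{{", "<", "$"))
            or v.endswith(("}", ">")))


def scan_line(line: str, line_no: int) -> list[Finding]:
    """Regex rules take precedence; the dictionary rule is the fallback for
    values whose format is not known in advance."""
    hits = []
    for name, pattern, severity in REGEX_RULES:
        m = pattern.search(line)
        if m:
            hits.append(Finding(name, severity, line_no, redact(m.group(0))))
    if hits:
        return hits
    m = ASSIGNMENT.search(line)
    if m:
        key, value = m.group(1), m.group(2)
        if any(k in key.lower() for k in KEYWORDS) and not is_placeholder(value):
            return [Finding("dictionary:" + key, "medium", line_no, redact(value))]
    return []


def prioritize(findings: list[Finding]) -> list[Finding]:
    # Highest risk first, then by position in the file.
    return sorted(findings, key=lambda f: (SEVERITY_RANK[f.severity], f.line_no))


def scan_text(text: str) -> list[Finding]:
    """Whole-file (repository) scan."""
    found = []
    for n, line in enumerate(text.splitlines(), start=1):
        found.extend(scan_line(line, n))
    return prioritize(found)


HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


def scan_diff(diff: str) -> list[Finding]:
    """Commit / pull-request scan: only added lines, numbered as in the
    post-change file. Removed lines are ignored (they were already exposed)."""
    found, new_line = [], 0
    for raw in diff.splitlines():
        if raw.startswith(("+++", "---")):
            continue  # file headers
        h = HUNK.match(raw)
        if h:
            new_line = int(h.group(1))
            continue
        if raw.startswith("+"):
            found.extend(scan_line(raw[1:], new_line))
            new_line += 1
        elif not raw.startswith("-"):
            new_line += 1  # context line
    return prioritize(found)


# Constructed sample inputs (not real credentials).
SAMPLE_CONFIG = """\
# constructed sample, not real credentials
db_host = db.internal
db_password = "Tr0ub4dor&3xyz"
AWS_ACCESS_KEY_ID = AKIAIOSFODNN7EXAMPLE
api_key = ${API_KEY}
token = changeme
"""

SAMPLE_DIFF = """\
--- a/config.env
+++ b/config.env
@@ -1,2 +1,3 @@
 DB_HOST=db.internal
-DB_PASSWORD=${DB_PASSWORD}
+DB_PASSWORD=hunter2hunter2
+GITHUB_TOKEN=ghp_0123456789abcdefghijABCDEFGHIJ012345
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE_CONFIG) + scan_diff(SAMPLE_DIFF):
        print(f)
```

Two design points worth noting: findings carry only a redacted prefix, because an alerting pipeline that copies the full secret into tickets or chat just creates another leak location; and the placeholder filter is where most dictionary-rule tuning happens in practice, since templated values such as `${API_KEY}` are exactly what a well-behaved repository should contain.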

Company
HashiCorp

Date published
April 18, 2024

Author(s)
Rich Dubose

Word count
637

Hacker News points
None found.

Language
English


By Matt Makai. 2021-2024.