[FEATURE][PLUGIN]: Create Secrets Detection plugin #894
Description
Overview
Create a Secrets Detection Plugin that automatically detects and handles sensitive information like API keys, passwords, tokens, and certificates in prompts, tool arguments, and responses.
Plugin Requirements
Plugin Details
- Name: SecretsDetectionPlugin
- Type: Self-contained (native) plugin
- File Location:
plugins/secrets_detection/ - Complexity: Medium
Functionality
- Detect various types of secrets (API keys, passwords, tokens, certificates)
- Support multiple detection methods (regex patterns, entropy analysis, ML models)
- Configurable handling strategies (block, mask, redact, alert)
- Integration with secret scanning databases (GitLeaks, TruffleHog patterns)
- Allowlist management for known safe patterns
Hook Integration
- Primary Hooks:
prompt_pre_fetch,prompt_post_fetch,tool_pre_invoke,tool_post_invoke - Purpose: Prevent secret leakage in AI interactions
- Behavior: Block, mask, or alert based on configuration
Configuration Schema
plugins:
- name: "SecretsDetection"
kind: "plugins.secrets_detection.detector.SecretsDetectionPlugin"
description: "Detects and handles secrets in prompts and tool calls"
version: "0.1.0"
hooks: ["prompt_pre_fetch", "prompt_post_fetch", "tool_pre_invoke", "tool_post_invoke"]
mode: "enforce" # enforce | permissive | disabled
priority: 20 # High priority for security
conditions:
- server_ids: ["production", "staging"]
config:
# Detection settings
detection_methods:
- regex_patterns
- entropy_analysis
- known_formats
# Secret types to detect
secret_types:
api_keys:
enabled: true
patterns:
- name: "aws_access_key"
pattern: "AKIA[0-9A-Z]{16}"
confidence: 0.9
- name: "github_token"
pattern: "gh[pousr]_[A-Za-z0-9_]{36,255}"
confidence: 0.95
- name: "openai_api_key"
pattern: "sk-[a-zA-Z0-9]{48}"
confidence: 0.98
passwords:
enabled: true
patterns:
- name: "basic_password"
pattern: "password\\s*[=:]\\s*[\"'][^\"'\\s]{8,}[\"']"
confidence: 0.7
- name: "connection_string"
pattern: "password=[^;\\s]{6,}"
confidence: 0.8
certificates:
enabled: true
patterns:
- name: "private_key"
pattern: "-----BEGIN.*PRIVATE KEY-----"
confidence: 1.0
- name: "certificate"
pattern: "-----BEGIN CERTIFICATE-----"
confidence: 0.9
tokens:
enabled: true
patterns:
- name: "jwt_token"
pattern: "eyJ[A-Za-z0-9_-]*\\.[A-Za-z0-9_-]*\\.[A-Za-z0-9_-]*"
confidence: 0.8
- name: "bearer_token"
pattern: "Bearer\\s+[A-Za-z0-9_-]{32,}"
confidence: 0.85
# Entropy analysis settings
entropy_analysis:
enabled: true
min_length: 20
min_entropy: 4.5
charset_threshold: 0.8
# Response strategies
handling_strategy:
high_confidence: "block" # >0.9 confidence
medium_confidence: "mask" # 0.7-0.9 confidence
low_confidence: "alert" # 0.5-0.7 confidence
masking:
strategy: "partial" # partial | full | custom
mask_char: "*"
preserve_first: 4
preserve_last: 4
custom_replacement: "[SECRET_REDACTED]"
# Allowlist management
allowlist:
patterns:
- "test-api-key-12345"
- "demo-token-*"
contexts:
- environment: "development"
allow_all: false
- user_patterns: ["admin-*"]
allow_medium_confidence: true
# External integrations
integrations:
gitguardian:
enabled: false
api_key: "${GITGUARDIAN_API_KEY}"
endpoint: "https://api.gitguardian.com/v1/scan"
# Alert destinations
alerts:
slack:
enabled: true
webhook_url: "${SLACK_WEBHOOK_URL}"
channel: "#security-alerts"
email:
enabled: false
smtp_server: "smtp.company.com"
recipients: ["security@company.com"]Implementation Requirements
File Structure
plugins/secrets_detection/
├── __init__.py
├── detector.py # Main plugin class
├── patterns/ # Detection patterns
│ ├── __init__.py
│ ├── regex_patterns.py # Regex-based detection
│ ├── entropy_analyzer.py # Entropy-based detection
│ └── known_formats.py # Known secret formats
├── handlers/ # Response handlers
│ ├── __init__.py
│ ├── masking.py # Secret masking utilities
│ ├── blocking.py # Request blocking logic
│ └── alerting.py # Alert notification system
├── allowlist/ # Allowlist management
│ ├── __init__.py
│ └── manager.py
├── plugin-manifest.yaml # Plugin metadata
├── README.md # Usage documentation
└── patterns/ # Pattern database files
├── api_keys.yaml
├── passwords.yaml
├── tokens.yaml
└── certificates.yaml
Core Features
-
Multi-Method Detection
- Regex pattern matching with confidence scoring
- Shannon entropy analysis for random strings
- Known secret format recognition
- Context-aware detection (code vs text)
-
Comprehensive Secret Types
- Cloud provider API keys (AWS, GCP, Azure)
- Version control tokens (GitHub, GitLab, Bitbucket)
- Database connection strings
- Private keys and certificates
- JWT tokens and session cookies
- Custom organizational secrets
-
Flexible Response Handling
- Block high-confidence detections
- Mask medium-confidence detections
- Alert on low-confidence detections
- Configurable confidence thresholds
-
Enterprise Features
- Allowlist management with pattern matching
- Integration with external secret scanning services
- Real-time alerting (Slack, email, webhooks)
- Audit logging with secret detection metadata
Usage Examples
API Key Detection and Masking
# Input prompt with AWS access key
prompt = {
"content": "Here's my AWS config: AKIAIOSFODNN7EXAMPLE"
}
# Plugin detects high-confidence AWS access key
# Result: Request blocked or key masked as "AKIA***********AMPLE"JWT Token in Tool Arguments
# Tool call with JWT token
{
"tool": "api_call",
"arguments": {
"headers": {
"Authorization": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
}
}
}
# Plugin detects JWT token
# Result: Token masked as "Bearer eyJ***********************************w5c"Certificate Detection
# Resource containing private key
content = """
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC7VJTUt9Us8cKB...
-----END PRIVATE KEY-----
"""
# Plugin detects private key with 100% confidence
# Result: Content blocked with security violationSecurity Features
- Pattern Database Updates: Regular updates from security communities
- False Positive Reduction: Context-aware detection and allowlist support
- Audit Trail: Complete logging of all detections and actions taken
- Performance Optimization: Efficient pattern matching and caching
Testing Requirements
- Unit tests for all detection methods and secret types
- Performance tests with large payloads
- False positive/negative rate testing
- Integration tests with real secret samples
- Security testing for edge cases and bypasses
Documentation Requirements
- Plugin configuration guide with examples
- Secret detection best practices
- Performance tuning recommendations
- Integration guide for external services
Acceptance Criteria
- Plugin implements SecretsDetectionPlugin class
- Supports multiple detection methods (regex, entropy, formats)
- Detects major secret types (API keys, tokens, certificates)
- Configurable handling strategies (block, mask, alert)
- Allowlist management with pattern matching
- Integration with external scanning services
- Comprehensive audit logging
- Plugin manifest and documentation created
- Unit tests with >95% coverage
- Performance benchmarks for large payloads
- Security testing for bypass attempts
Priority
High - Critical security feature for enterprise deployments
Dependencies
- entropy calculation libraries
- HTTP client for external service integration
- notification libraries (Slack, email)
- Pattern matching optimization libraries
Security Considerations
- Plugin itself must not log detected secrets
- Secure storage of allowlist patterns
- Rate limiting for external service calls
- Audit trail for all security decisions