Changelogs » Detect-secrets-server



June 4th, 2019

:bug: Bugfixes

* Fixed a **very important bug** where we were not fetching changes for non-local repositories ([30], thanks [chetmancini], [akshayatplivo], [ajchida], [rameshkumar-a]))
* [Fixed a `UnidiffParseError: Hunk is shorter than expected` crash](

:art: Display Changes

* [Added a helpful error message for when a user tries to use S3 features without boto3 installed](



March 21st, 2019

:tada: New Features

* [Bumped version of `detect-secrets`]( from v0.12.0 to [v0.12.2](, primarily to improve performance


March 14th, 2019

:bug: Bugfixes

* Fixed a bug where we were not assigning the commit of found secrets to HEAD ([27])



March 14th, 2019

:snake: Miscellaneous

* [Fixed]( an [internal issue](


March 14th, 2019

:bug: Bugfixes

* Fixed a bug where we were `git fetch`ing for local git repositories ([26])



March 13th, 2019

:tada: New Features

* Added a `--diff-filter` optimization, so we only scan added, copied or modified files ([22])


:bug: Bugfixes

* Fixed a bug where, `scan` on bare repositories gave a `Your local changes to the following files would be overwritten by merge:` error ([23])



February 12th, 2019

:bug: Bugfixes

* [Fixed a bug where we were using an older version of `detect-secrets` in our `requirements-dev` `txt` files](


February 12th, 2019

:tada: New Features

* Added `--exclude-files` and `--exclude-lines` args to scan ([18])
* Added git commit to secrets before calling `output_hook.alert` ([15])


:boom: Breaking Changes

* Started to ignore the `exclude_regex` in repo metadata when scanning as a short-term solution for [Issue 17]( ([18])



January 14th, 2019

:bug: Bugfixes

* `add` and `scan` now handle non-SSH urls for git cloning. See
[Issue 13]( for more details.


January 11th, 2019

:tada: New Features

* Bumped version of `detect-secrets` to 0.11.4, so that we can leverage the
new `AWSKeyDetector` and the `KeywordDetector`.


January 10th, 2019

:tada: New Features

* Added support for delegating state management to output hooks, using the
flag `--always-update-state`.


January 09th, 2019

:boom: Breaking Changes

* All previous config files' format has been changed, for better usability
(and reducing the need to supply multiple config files during a single
invocation). Be sure to check out some examples in

* The CLI API has also been changed, to support better usability. Check out
how to use the new commands with `-h`.

:tada: New Features

* **Actually** works with the latest version of `detect-secrets`.

* New `--output-hook` functionality, to specify arbitrary scripts for handling
alerts. This should make it easier, so users aren't forced into using pysensu.

* `detect-secrets-server list` supports a convenient way to list all tracked

* `detect-secrets-server install` is a modular way to connect tracked repositories
with a system that runs `detect-secrets-server scan` on a regular basis.
Currently, the only supported method is `cron`.

:mega: Release Highlights

* Minimal dependencies! Previously, you had to install boto3, even if you weren't
using the S3 storage option. Now, only install what you need, based on your
unique setup.

* Introduction of the `Storage` class abstraction. This separates the management
of tracked repositories (git cloning, baseline comparisons) with the method of
storing server metadata, for cleaner code, decoupled architecture, and