Hardcoding credentials in code is never a good idea. If your source code falls into the hands of a malicious entity (and it happens more often than we'd like to acknowledge), they can use secrets from the source code to gain access to systems.

This section covers configuration specific to the Secrets analyzer. Please make sure you have read the general configuration guide first.

Configuration - .deepsource.toml


  • Type: String
  • Presence: mandatory
  • Description: Shortcode of the analyzer.
  • Example:
name = "secrets"


  • Type: Boolean
  • Presence: optional
  • Description: Toggle whether this analyzer should be run.
  • Example:
enabled = true


The Secrets analyzer only detects hardcoded secrets in non-test files. To specify a certain pattern of files as test files, add them as test patterns, as shown in the example below.

Sample config

version = 1

test_patterns = [

exclude_patterns = [

name = "secrets"
enabled = true