Skip to content

Patrickschell609/Sentinel

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 
 
 
 
 
 
 

Repository files navigation

SENTINEL

The Last Line of Defense Against Data Leaks

Author: Patrick Schell (@Patrickschell609)


On January 13, 2026, a bot scraped my GitHub repo,
found an exposed private key, and drained my wallet in seconds.

I built this so it never happens to anyone else.

What is Sentinel?

Sentinel is a context-aware secret detection tool that actually works.

Unlike other scanners that flood you with false positives until you turn them off, Sentinel understands the difference between:

Blocked (Real Secret) Allowed (Not a Secret)
private_key = "0xabc..." TX: 0xabc123...
api_key = "ghp_xxx" Contract: 0x833...
ssn = "123-45-6789" // Example SSN format

Zero config. Zero false positives. Just protection.


Install

curl -sSL https://raw.githubusercontent.com/Patrickschell609/sentinel/main/install.sh | bash

That's it. One line. You're protected.


Usage

# Scan current directory (all modules)
sentinel scan .

# Scan for specific types
sentinel scan . -c          # Crypto keys only
sentinel scan . -b          # Banking data only
sentinel scan . -p          # PII only
sentinel scan . -k          # API keys only
sentinel scan . -m          # Medical/HIPAA only
sentinel scan . -a          # All (default)

# Combine modules
sentinel scan . -cbk        # Crypto + Banking + API keys

# Install as git hook (auto-scan every commit)
sentinel install

Modules

Flag Module What it catches
-c Crypto ETH, BTC, SOL private keys
-b Banking Routing numbers, account numbers, SWIFT, IBAN, credit cards
-p PII SSN, passport, driver's license, DOB, phone numbers
-m Medical HIPAA identifiers, MRN, NPI, DEA numbers
-k Keys AWS, GCP, GitHub, Stripe, Slack, Discord, Twilio, SendGrid, npm, PyPI
-a All Everything (default)

Why Sentinel is Different

Other tools:

Scanning...
⚠ Potential secret in README.md line 45
⚠ Potential secret in docs/example.md line 12
⚠ Potential secret in CHANGELOG.md line 89
⚠ Potential secret in test_utils.py line 23
... 47 more warnings ...

Developer: *disables tool*

Sentinel:

Scanning...
✓ Clean. No secrets detected.

Developer: *keeps tool enabled forever*

Sentinel uses context analysis to understand what's actually dangerous:

  • private_key = "0x..."BLOCKED (assignment context)
  • TX: 0x626bd9... → Allowed (transaction hash context)
  • Deployed at: 0xBA0... → Allowed (address context)
  • // Example: 0xabc... → Allowed (comment context)

A security tool is worthless if people turn it off.


Git Pre-Commit Hook

Protect every commit automatically:

cd /path/to/your/repo
sentinel install

Now every git commit is scanned. Secrets are blocked before they enter git history.

$ git commit -m "Add feature"

⛔ SECRETS DETECTED — DO NOT COMMIT

  File: src/config.py:23
  Type: ETH Private Key (crypto)
  Value: 0x7ddb989f93684930...
  Risk: $50,000+

Remove the secret(s) before committing.

The Numbers

  • Bots scan GitHub in real-time, 24/7
  • Exposed keys are drained in seconds to minutes
  • Average loss from a leaked crypto key: $10,000 - $100,000+
  • Time to install Sentinel: 10 seconds

#ZeroLeakPledge

I pledge to:
1. Install Sentinel on every repo I own
2. Never commit secrets to git
3. Share this with 3 developers who need it

The bots stop when we all say no.

Roadmap

  • v1.0 - Basic pattern matching
  • v2.0 - Context-aware analysis (no false positives)
  • v3.0 - Modular detection (crypto, banking, PII, medical, API keys)
  • v3.1 - Filesystem watcher daemon
  • v3.2 - VS Code extension
  • v3.3 - JetBrains plugin
  • v4.0 - Community pattern database

Contributing

Found a secret pattern we're missing? Open a PR.

The bots evolve. So does Sentinel.


License

MIT — Use it. Share it. Protect each other.


The Story

January 13, 2026.

I pushed code to GitHub.
Forgot to remove a test key.
60 seconds later, my wallet was empty.

The bot didn't care that it was a test.
The bot didn't care that I was learning.
The bot just took.

So I built something that takes back.

Not for money. For the mission.
To end the era of leaked secrets.

The bots don't stand a chance against
someone who's not doing it for the money.

— Patrick Schell

I am the Sentinel.
I watch every commit.
Nothing escapes.

About

The Data/antivirus

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors