Author: Patrick Schell (@Patrickschell609)
On January 13, 2026, a bot scraped my GitHub repo,
found an exposed private key, and drained my wallet in seconds.
I built this so it never happens to anyone else.
Sentinel is a context-aware secret detection tool that actually works.
Unlike other scanners that flood you with false positives until you turn them off, Sentinel understands the difference between:
| Blocked (Real Secret) | Allowed (Not a Secret) |
|---|---|
private_key = "0xabc..." |
TX: 0xabc123... |
api_key = "ghp_xxx" |
Contract: 0x833... |
ssn = "123-45-6789" |
// Example SSN format |
Zero config. Zero false positives. Just protection.
curl -sSL https://raw.githubusercontent.com/Patrickschell609/sentinel/main/install.sh | bashThat's it. One line. You're protected.
# Scan current directory (all modules)
sentinel scan .
# Scan for specific types
sentinel scan . -c # Crypto keys only
sentinel scan . -b # Banking data only
sentinel scan . -p # PII only
sentinel scan . -k # API keys only
sentinel scan . -m # Medical/HIPAA only
sentinel scan . -a # All (default)
# Combine modules
sentinel scan . -cbk # Crypto + Banking + API keys
# Install as git hook (auto-scan every commit)
sentinel install| Flag | Module | What it catches |
|---|---|---|
-c |
Crypto | ETH, BTC, SOL private keys |
-b |
Banking | Routing numbers, account numbers, SWIFT, IBAN, credit cards |
-p |
PII | SSN, passport, driver's license, DOB, phone numbers |
-m |
Medical | HIPAA identifiers, MRN, NPI, DEA numbers |
-k |
Keys | AWS, GCP, GitHub, Stripe, Slack, Discord, Twilio, SendGrid, npm, PyPI |
-a |
All | Everything (default) |
Scanning...
⚠ Potential secret in README.md line 45
⚠ Potential secret in docs/example.md line 12
⚠ Potential secret in CHANGELOG.md line 89
⚠ Potential secret in test_utils.py line 23
... 47 more warnings ...
Developer: *disables tool*
Scanning...
✓ Clean. No secrets detected.
Developer: *keeps tool enabled forever*
Sentinel uses context analysis to understand what's actually dangerous:
private_key = "0x..."→ BLOCKED (assignment context)TX: 0x626bd9...→ Allowed (transaction hash context)Deployed at: 0xBA0...→ Allowed (address context)// Example: 0xabc...→ Allowed (comment context)
A security tool is worthless if people turn it off.
Protect every commit automatically:
cd /path/to/your/repo
sentinel installNow every git commit is scanned. Secrets are blocked before they enter git history.
$ git commit -m "Add feature"
⛔ SECRETS DETECTED — DO NOT COMMIT
File: src/config.py:23
Type: ETH Private Key (crypto)
Value: 0x7ddb989f93684930...
Risk: $50,000+
Remove the secret(s) before committing.
- Bots scan GitHub in real-time, 24/7
- Exposed keys are drained in seconds to minutes
- Average loss from a leaked crypto key: $10,000 - $100,000+
- Time to install Sentinel: 10 seconds
I pledge to:
1. Install Sentinel on every repo I own
2. Never commit secrets to git
3. Share this with 3 developers who need it
The bots stop when we all say no.
- v1.0 - Basic pattern matching
- v2.0 - Context-aware analysis (no false positives)
- v3.0 - Modular detection (crypto, banking, PII, medical, API keys)
- v3.1 - Filesystem watcher daemon
- v3.2 - VS Code extension
- v3.3 - JetBrains plugin
- v4.0 - Community pattern database
Found a secret pattern we're missing? Open a PR.
The bots evolve. So does Sentinel.
MIT — Use it. Share it. Protect each other.
January 13, 2026.
I pushed code to GitHub.
Forgot to remove a test key.
60 seconds later, my wallet was empty.
The bot didn't care that it was a test.
The bot didn't care that I was learning.
The bot just took.
So I built something that takes back.
Not for money. For the mission.
To end the era of leaked secrets.
The bots don't stand a chance against
someone who's not doing it for the money.
— Patrick Schell
I am the Sentinel.
I watch every commit.
Nothing escapes.