-
-
dashboard to detect history in real time
-
developers api file
-
push and see what happens and how the push is rejected
Inspiration I once accidentally pushed an API key to GitHub. It was stolen within minutes. Existing tools like GitGuardian detect leaks after they happen . I wanted something that stops them before the push ever reaches the remote.
What it does SentinelAI is a pre-push git hook that scans staged code for exposed secrets before they reach your repository. When a secret is detected it blocks the push, automatically replaces the raw secret in your file with a secure vault reference (op://vault/sentinelai/key-name), stores the encrypted value in a local vault, and sends a real-time Slack alert to your team. The dashboard gives a live view of every blocked push and vaulted secret.
How we built it Python, SQLite, Fernet AES encryption, Streamlit dashboard, Slack webhooks, Shannon entropy detection, regex pattern matching across 30+ secret types.
Challenges we ran into
Getting the git hook to correctly pass the repo path to the scanner Entropy threshold tuning too low causes false positives, too high misses real secrets Deduplicating findings when multiple patterns match the same value Making the vault key persist across runs without regenerating and breaking decryption
Accomplishments that I am proud of
Shannon entropy detection that catches unknown secrets no regex could find Auto-remediation not just detecting secrets but replacing them automatically Full pipeline working end to end in under 24 hours, built solo
What I learnt
How git hooks work under the hood Shannon entropy and its applications in security How secrets management tools like 1Password structure their vault references The difference between detection and remediation in security tooling
What's next for SentinelAI
1Password SDK integration for cloud vault storage sentinelai install CLI to add the hook to any repo in one command VS Code extension to catch secrets as you type Real-time screen monitoring using computer vision for screen shares ML classifier trained on real secret datasets to improve unknown detection
Log in or sign up for Devpost to join the conversation.