Skip to content

Blackplums/how2validate

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

85 Commits
.github
.github
 
 
assets
assets
 
 
build
build
 
 
docs
docs
 
 
src
src
 
 
.gitignore
.gitignore
 
 
CODEOWNERS
CODEOWNERS
 
 
CODE_OF_CONDUCT.md
CODE_OF_CONDUCT.md
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
SECURITY.md
SECURITY.md
 
 

Repository files navigation

How2Validate

About

How2Validate is a versatile security tool designed to streamline the process of validating sensitive secrets across various platforms and services.

Whether you're a developer, security professional, or DevOps engineer, How2Validate empowers you to ensure the authenticity and security of your API keys, tokens, and other critical information.

By leveraging the power of Python, JavaScript, and Docker, How2Validate offers a flexible and efficient solution for validating secrets against official provider endpoints. Its user-friendly command-line interface (CLI) makes it easy validating secrets, allowing you to quickly and accurately verify the integrity of your sensitive data.

Why How2Validate?

In today's digital landscape, the exposure of sensitive information such as API keys, passwords, and tokens can lead to significant security breaches. These vulnerabilities often arise from:

  • Leaked API Keys: Unintentional exposure through public repositories or logs.
  • Invalid Credentials: Using outdated or incorrect credentials that can compromise systems.
  • Misconfigured Secrets: Improperly managed secrets leading to unauthorized access.

How2Validate addresses these concerns by providing a robust solution to verify the authenticity and validity of your secrets directly with official providers. This proactive approach helps in:

  • Mitigating Risks: Prevent unauthorized access by ensuring only active secrets are used.
  • Enhancing Security Posture: Strengthen your application's security by regularly validating secrets.

Features

How2Validate offers a range of features designed to enhance the security and efficiency of secret management:

  • Validate API Keys, Passwords, and Sensitive Information: Interacts with official provider authentication endpoints to ensure the authenticity of secrets.
  • Cross-Platform Support: Available for JavaScript, Python, and Docker environments.
  • Easy to Use: Simplifies secret validation with straightforward commands and functions.
  • Real-Time Feedback: Instantly know the status of your secrets — whether they are active or not.
  • Detailed Reporting: Receive comprehensive reports on secret validation (Alpha Feature).
  • Updating Providers: Keep the tool up-to-date with the latest secret providers and their secret types.

Join Our Community discussions

Have questions? Feedback? Jump in and hang out with us

Join our GitHub Community Discussion

Packages

How2Validate is available for multiple platforms, ensuring seamless secret validation process. Choose the package manager that best fits your project needs:

Package Statistics

Stay updated with the latest versions and downloads:

Installation

Installing How2Validate is straightforward, whether you're working with JavaScript, Python, or Docker. Follow the instructions below to set up the package in your environment.

JavaScript

Using NPM

npx jsr add @how2validate/how2validate

Using pnpm

pnpm dlx jsr add @how2validate/how2validate

Using Bun

bunx jsr add @how2validate/how2validate

Using Yarn

yarn dlx jsr add @how2validate/how2validate

Using Deno

deno add jsr:@how2validate/how2validate

Python

Using pip

pip install how2validate

Docker

Get the latest version from GitHub Package Registry

Using docker

docker pull ghcr.io/blackplums/how2validate:main

Usage

How2Validate can be used both programmatically and via the command-line interface (CLI). Below are detailed instructions for JavaScript, Python, and CLI usage.

JavaScript

Importing and Using the Validate Function

import { validate } from '@how2validate/how2validate';

# Validate secrets programmatically
var validation_result = await validate(
    provider="NPM",
    service="NPM Access Token",
    secret="<<SECRET_HERE>>",
    response=False,
    report="[email protected]"
)
print(validation_result)

Python

Importing and Using the Validate Function

from how2validate import validate

# Validate secrets programmatically
validation_result = validate(
    provider="NPM",
    service="NPM Access Token",
    secret="<<SECRET_HERE>>",
    response=False,
    report="[email protected]"
)
print(validation_result)

CLI

Detailed CLI Help

The How2Validate tool provides multiple command-line options for validating secrets with precision.

To see all available commands, use:

how2validate --help

usage: How2Validate Tool [options]

Validate various types of secrets for different services.

options:
  -h, --help      show this help message and exit
  -secretscope    Explore the secret universe. Your next target awaits.
  -p, --provider  Specify your provider. Unleash your validation arsenal.
  -s, --service   Specify your target service. Validate your secrets with precision.
  -sec, --secret  Unveil your secrets to verify their authenticity.
  -r, --response  Monitor the status. View if your secret is Active or InActive.
  -R, --report    Get detailed reports. Receive validated secrets via email [Alpha Feature].
  -v, --version   Expose the version.
  --update        Hack the tool to the latest version.

Ensuring the authenticity of your secrets.

Example Command

Validate a Secret

how2validate --provider NPM --service "NPM Access Token" --secret "<<SECRET_HERE>>"

-- OR --

how2validate -p NPM -s "NPM Access Token" -sec "<<SECRET_HERE>>"

Validate with Response Status

how2validate --provider NPM --service "NPM Access Token" --secret "<<SECRET_HERE>>" --response

-- OR --

how2validate -p NPM -s "NPM Access Token" -sec "<<SECRET_HERE>>" -r

API Reference

Detailed documentation of the How2Validate API for both JavaScript and Python.

JavaScript API

validate(provider, service, secret, response, report)

Validates a secret against the specified provider and service.

  • Parameters:

    • provider (string): The name of the provider (e.g., "NPM", "GitHub").
    • service (string): The specific service or token type.
    • secret (string): The secret to validate.
    • response (boolean): If true, returns the full response.
    • report (string): Email Id to send a detailed report (Alpha Feature).

  • Returns:

    • validationResult (object): An object containing the validation status and details.

Example

import { validate } from '@how2validate/how2validate';

const result = validate("NPM", "NPM Access Token", "<<SECRET>>", true/false, "[email protected]");
console.log(result);

Python API

validate(provider, service, secret, response, report)

Validates a secret against the specified provider and service.

  • Parameters:

    • provider (string): The name of the provider (e.g., "NPM", "GitHub").
    • service (string): The specific service or token type.
    • secret (string): The secret to validate.
    • response (boolean): If true, returns the full response.
    • report (string): Email Id to send a detailed report (Alpha Feature).

  • Returns:

    • validation_result (object): An object containing the validation status and details.

Example

from how2validate import validate

result = validate(
    provider="NPM",
    service="NPM Access Token",
    secret="<<SECRET>>",
    response=True/False,
    report="[email protected]"
)
print(result)

License

All how2validate packages are released under the MIT license.

About

A CLI tool to validate secrets for different services.

how2validate.vercel.app

Topics

secrets secrets-management how2validate secret-validation

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

 
 
 

Contributors 3

  •  
  •  
  •  

Languages