Too Many Secrets (2MS)
2MS is an open-source tool that automatically detects credentials and other sensitive details exposed in code repositories and collaboration platforms.
Exposed secrets are a major AppSec attack vector
Enterprises are unintentionally exposing thousands of secret credentials every day, leading to cyberattacks, financial loss, and reputational damage. 2MS finds exposed secrets so that you can better protect your organization from attack.
Prevent Exposed Secrets with 2MS
Use this free tool to identify 170+ types of secrets stored as unencrypted text in code repositories, communication platforms, and content management platforms.
Keep your Secrets Secret with 2MS
Minimize risk by quickly identifying and eliminating sensitive credentials that may have been unintentionally exposed.
Powerful Secrets Detection
2MS accurately identifies 170+ different types of secrets (login credentials, access tokens, encryption keys, API keys, SSH keys, webhook URLs, etc.) in code repositories (Git repos and local directories), collaboration tools (Slack and Discord), and CMS Platforms (Confluence and Paligo).
Automatic Secret Validation
To help prioritize remediation efforts, 2MS automatically attempts to determine which discovered secrets are still valid and operative.
Rule Customization
Detection rules can be customized or added using RegEx expressions, and existing rules can be flagged to be ignored.
CI/CD Integrations
Secret detection can be automated as part of workflows via integration with GitHub Actions and Azure Pipelines.
Stories from enterprise security leaders
“We’ve seen an 80% noise reduction — our engineers now focus on the high-quality risks that matter.”Explore Best Buy Case Study
Keep your Secrets Secret with 2MS
Automate, secure, and simplify your software inventory management for government-grade security standards.