A secret in your git history is a secret in every attacker’s hand. This scheduled automation scans your repositories for accidentally committed credentials (API keys, access tokens, private keys, connection strings), files urgent remediation tickets, and walks through the rotation steps — so you catch leaks before they become incidents.

Use this template

Open Secret Scanner in Devin and create the automation with the default configuration. You can customize it before saving.

What this automation does

Unlike one-shot scanners, this automation runs on an ongoing cadence and includes the human-steerable workflow: confirm the finding, rotate the credential, verify the rotation, and remove the secret from git history. Devin drives each step so your team doesn’t have to remember the rotation playbook.

How it works

Trigger: Schedule event (recurring)
  • Event: schedule:recurring
    • Conditions:
      • rrule matches FREQ=DAILY;BYHOUR=9;BYMINUTE=0
What Devin does: Starts a session with full event context, executes the prompt below, and (optionally) notifies you on failure.

Prerequisites

Example prompt

The template ships with this prompt. You can edit it after clicking Use template, or leave it as-is.

Setting it up

  1. Open Automations → Templates in Devin.
  2. Click Secret Scanner. The create page opens with this template pre-filled.
  3. Connect any required integrations and install MCP servers if you haven’t already.
  4. Replace any placeholder values in the trigger conditions (for example, swap your-org/your-repo for your actual repo).
  5. Review the prompt and adjust it for your team’s language, conventions, and guardrails.
  6. Click Create automation.
Most automation templates include suggested ACU and invocation limits to bound cost during early rollout. Keep them as-is until you’re confident in the automation’s behavior, then raise them to fit your workload.

When to use this template

  • Proactive detection of accidentally committed secrets
  • Onboarding legacy repos to stricter secret-scanning policies
  • Compliance programs requiring documented secret rotation
  • Post-incident sweeps after a public leak

Customization ideas

  • Configure which secret patterns matter most (AWS, Stripe, Slack, internal)
  • Integrate with your secret manager for automatic rotation steps
  • Scope to specific repos or branches
  • Route critical findings to an incident response channel
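
To make the pattern-configuration idea above concrete, here is an added example (not Devin's code and not the template's prompt): a small Python scanner that checks only the added lines of a unified diff and returns findings redacted enough to paste into a ticket. The rule names, severities, regexes and the sample diff are assumptions constructed for illustration.

```python
import re
from typing import NamedTuple

# Assumed rule set: (rule name, severity, non-secret prefix chars to keep, regex).
# For connection strings only the password (capture group 1) is treated as the secret.
RULES = [
    ("aws_access_key_id", "critical", 4, re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")),
    ("stripe_live_secret_key", "critical", 8, re.compile(r"\bsk_live_[0-9A-Za-z]{24,}")),
    ("slack_token", "high", 5, re.compile(r"\bxox[baprs]-[0-9A-Za-z-]{10,}")),
    ("private_key_block", "critical", 64, re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")),
    ("uri_with_password", "high", 0, re.compile(r"\b[a-z][a-z0-9+.-]*://[^\s:/@]+:([^\s@/]+)@")),
]

class Finding(NamedTuple):
    path: str
    line: int
    rule: str
    severity: str
    redacted: str  # masked value, safe to include in a ticket

def redact(secret: str, keep: int) -> str:
    return secret[:keep] + "*" * max(len(secret) - keep, 0)

def scan_diff(diff_text: str) -> list:
    """Scan added lines of a unified diff; report new-file path and line number."""
    findings, path, lineno = [], "?", 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:].removeprefix("b/")
        elif m := re.match(r"@@ -\d+(?:,\d+)? \+(\d+)", raw):
            lineno = int(m.group(1)) - 1  # hunk header gives the next new-file line
        elif raw.startswith("+"):
            lineno += 1
            for rule, severity, keep, rx in RULES:
                for hit in rx.finditer(raw[1:]):
                    secret = hit.group(hit.lastindex or 0)
                    findings.append(Finding(path, lineno, rule, severity, redact(secret, keep)))
        elif raw.startswith(" "):
            lineno += 1  # context lines advance the new-file counter, removed lines do not
    return findings

# Constructed sample diff; the credential values are fake placeholders.
SAMPLE_DIFF = "\n".join([
    "+++ b/config/settings.py",
    "@@ -10,2 +10,4 @@",
    " DEBUG = False",
    '+AWS_KEY = "' + "AKIA" + "EXAMPLEEXAMPLE00" + '"',
    '+DATABASE_URL = "postgres://app:' + "hunter2-example" + '@db.internal.example/app"',
])
```

Regex rules like these only flag candidates; the confirm, rotate and verify steps described earlier still decide whether a finding is a live credential.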
