All projects · Rust

Kingfisher: Open Source Secret Scanner with Live Validation by mongodb

Rust Apache-2.0 SECURITY.md

Find, validate, and map the impact of leaked secrets across your stack. Revoke fast. 900+ rules.

credentialsdevsecopsscanningsecretssecrets-managementsecurity
Verdict 72/100 health $4.13/mo cheapest, hetzner 3/5 setup difficulty Last release 6 days ago

Self-host Kingfisher: Open Source Secret Scanner with Live Validation on hetzner CAX11 for $4.13/mo.

Deploy Kingfisher: Open Source Secret Scanner with Live Validation on hetzner → View on GitHub
Health score
72 /100
6-dim composite
Self-hosts from
$4.13 /mo
hetzner · CAX11
Difficulty
3 /5
External DB / setup
GitHub stars
1.1k
97 forks

About Kingfisher: Open Source Secret Scanner with Live Validation

From the project's README at github.com/mongodb/kingfisher. Lightly cleaned for readability; for the full source see the upstream repo.

Kingfisher is an open source secret scanner and live secret validation tool built in Rust.

It combines Intel's SIMD-accelerated regex engine (Hyperscan) with language-aware parsing to achieve high accuracy at massive scale, and ships with 950 built-in rules to detect, validate, and triage leaked API keys, tokens, and credentials before they ever reach production.

Kingfisher also ships a browser-based report viewer that visualizes and triages findings fr

Health score breakdown

6-dimension composite. See methodology for formula and weights.

activity
95
maturity
77
community
89
security
85
sustainability
53
adoption
26

Adoption signals

Real-world usage data, pulled from each registry. The bigger the numbers, the more battle-tested the project.

SignalValueSource
GitHub stars 1.1k github.com/mongodb/kingfisher
GitHub forks 97 github.com/mongodb/kingfisher
CRATES downloads (last month) 20 kingfisher

Release & maintenance

Is this project actively maintained, or about to die? Check the recency of last commit and last release.

Project age1.0 yearssince May 2025
Last commit2 days agoMay 5, 2026
Releases shipped88last: 6 days ago
Security policySECURITY.mddeclared by maintainers

Self-hosting cost across providers

Detected requirements: 4GB RAM, 40GB disk minimum. Cheapest plan per provider that meets the requirement.

ProviderPlanSpecsMonthly
hetzner CAX11 2c · 4GB · 40GB $4.13 USD Deploy →
vultr VC2 1c · 1GB · 25GB $5 USD Deploy →
linode Nanode 1GB 1c · 1GB · 25GB $5.12 USD Deploy →
digitalocean Basic Regular 1GB 1c · 1GB · 25GB $6 USD Deploy →

What people say on Hacker News

Ready to self-host Kingfisher: Open Source Secret Scanner with Live Validation?

Spin up a hetzner CAX11 (4GB RAM, 40GB disk) for $4.13/mo and follow the project's official install docs.

Deploy on hetzner → $4.13/mo Read install docs on GitHub

Data last refreshed May 7, 2026.

Similar open-source projects

Projects in our directory that replace the same SaaS or share topics with Kingfisher: Open Source Secret Scanner with Live Validation.

infisical
Infisical is the open-source platform for secrets, certificates, and privileged access management.
★ 26,566 $4.13/mo
firezone
Enterprise-ready zero-trust access platform built on WireGuard®.
★ 8,594 $4.13/mo
ockam
Orchestrate end-to-end encryption, cryptographic identities, mutual authentication, and authorization policies between d
★ 4,615 $4.13/mo
bytebase
World's most advanced database DevSecOps solution for Developer, Security, DBA and Platform Engineering teams. The GitHu
★ 13,955 $4.13/mo
RustScan
🤖 The Modern Port Scanner 🤖
★ 19,724 $4.13/mo
bunkerweb
🛡️ Open-source and cloud-native Web Application Firewall (WAF)
★ 10,420 $4.13/mo

Frequently asked questions

Last verified . Data refreshes every 30 minutes.