Skip to content

Getting Started

Terminal window
go install github.com/varalys/redactyl@latest
redactyl --help
Terminal window
brew install varalys/tap/redactyl
Terminal window
git clone https://github.com/varalys/redactyl.git
cd redactyl
make build
./bin/redactyl --version

Tip: Add the local bin/ to PATH for this shell:

Terminal window
export PATH="$PWD/bin:$PATH"

Navigate to any project directory and run:

Terminal window
redactyl scan

This opens the interactive TUI where you can browse findings, filter by severity, and take action on secrets. The TUI provides:

  • Real-time findings with severity color-coding
  • Vim-style navigation with search, filter, and grouping
  • Syntax-highlighted context preview
  • Quick actions: open in editor, baseline, ignore, export
  • Virtual file extraction from archives
  • Diff view to compare scans

For CI/CD pipelines, disable the TUI:

Terminal window
redactyl scan --no-tui

Get suggested remediation commands:

Terminal window
redactyl scan --guide --no-tui
Terminal window
redactyl scan --json # Auto-disables TUI
Terminal window
redactyl scan --sarif > redactyl.sarif.json
Terminal window
redactyl scan --text --no-tui

Control what gets scanned:

Terminal window
# Staged changes only
redactyl scan --staged
# Last N commits
redactyl scan --history 5
# Diff vs base branch
redactyl scan --base main

Scan containers, Helm charts, and archives. The artifacts that actually run in production:

Terminal window
# Scan container images
redactyl scan --containers
# Scan Helm charts
redactyl scan --helm
# Scan Kubernetes manifests
redactyl scan --k8s
# Scan everything
redactyl scan --archives --containers --helm --k8s