>_clihub
BAGEL(1)

NAME

bagelboostsecurityio/bagel

SYNOPSIS

$brew install bagel

INFO

111 stars
7 forks
0 views
GoSecurity
source

DESCRIPTION

boostsecurityio/bagel

README

Bagel

Inventory what matters on developer machines—tools, configs, and metadata about secrets—to improve org supply‑chain security without exfiltrating payloads.

What is it?

Bagel is a cross‑platform CLI that inspects developer workstations (macOS, Linux, Windows) and produces a structured report of:

  • Dev tool configurations and risky settings across 9 probes: Git, SSH, npm, environment variables, shell history, cloud credentials (AWS/GCP/Azure), JetBrains IDEs, GitHub CLI, and AI CLI tools.
  • Secret locations (metadata only): presence of tokens, keys, and credentials in config files, env vars, and history—detected by 8 secret detectors—never the secret values.

For detailed documentation on each probe and detector, see the Bagel docs site.

Privacy & Safety by Design

  • No payloads. Ever. Bagel records only metadata (path, owner, perms, timestamps, config flags, key type/length/expiry). Secret values are never included in output or written to disk.
  • Local‑first. Reports are printed to stdout as JSON by default.
  • Minimally intrusive. Read‑only operations; no process injection; no network scanners.
  • Transparent. Every probe is documented and can be toggled via configuration.

Why run it?

Modern supply‑chain risk often lands on developer endpoints (malicious packages, misconfig creds, weak key hygiene). Bagel standardizes visibility so security teams can:

  • Find high‑signal misconfigs (e.g., http.sslVerify=false, ForwardAgent yes, plaintext creds files, unencrypted SSH keys).
  • Detect leaked secrets in shell history, .env files, and config files.
  • Enforce baseline posture checks in CI with --strict.

Risk checks (examples)

  • Git: credential.helper=store, http.sslVerify=false, custom core.sshCommand with non‑standard binaries, dangerous protocols, fsck disabled.
  • npm: tokens in .npmrc, strict-ssl=false, HTTP (non‑HTTPS) registries.
  • SSH: keys without passphrase, ForwardAgent yes, StrictHostKeyChecking=no, permissive file modes.
  • Environment & history: secrets embedded in env vars, .env files, or shell command history.
  • Cloud: AWS credentials, GCP API keys, Azure storage keys in config files.

Installation

Pre-built Binaries

Download the latest release from GitHub Releases.

macOS:

# Intel Mac
curl -sL https://github.com/boostsecurityio/bagel/releases/latest/download/bagel_Darwin_x86_64.tar.gz | tar xz
sudo mv bagel /usr/local/bin/

Apple Silicon


curl -sL https://github.com/boostsecurityio/bagel/releases/latest/download/bagel_Darwin_arm64.tar.gz | tar xz
sudo mv bagel /usr/local/bin/

Homebrew:

brew tap boostsecurityio/tap
brew install bagel

Linux:

# x86_64
curl -sL https://github.com/boostsecurityio/bagel/releases/latest/download/bagel_Linux_x86_64.tar.gz | tar xz
sudo mv bagel /usr/local/bin/

ARM64


curl -sL https://github.com/boostsecurityio/bagel/releases/latest/download/bagel_Linux_arm64.tar.gz | tar xz
sudo mv bagel /usr/local/bin/

Windows:

Download bagel_Windows_x86_64.zip from the releases page, extract it, and add it to your PATH.

Invoke-WebRequest -Uri "https://github.com/boostsecurityio/bagel/releases/latest/download/bagel_Windows_x86_64.zip" -OutFile "bagel.zip"
Expand-Archive -Path "bagel.zip" -DestinationPath "."

Build from Source

Requires Go 1.25 or later.

git clone https://github.com/boostsecurityio/bagel.git
cd bagel
go build -o bagel ./cmd/bagel

Verify Installation

bagel version

Usage

bagel scan

This scans your workstation and outputs findings to stdout in JSON format.

Common flags

FlagDescription
--format, -fOutput format: json (default), table
--output, -oWrite output to a file instead of stdout
--strictExit with code 2 if any findings are detected
--no-cacheBypass file index cache and force rebuild
--no-progressDisable progress bars
--verbose, -vEnable verbose (debug) logging
--configPath to configuration file

Examples

# Save report to a file
bagel scan -o report.json

Table output for quick review


bagel scan -f table


CI gate: fail the build if findings exist


bagel scan --strict


Debug a specific scan


bagel scan --verbose --no-progress

Configuration

Bagel uses a YAML configuration file. It looks for bagel.yaml in these locations (in order):

  1. Path specified with --config
  2. Current directory (./bagel.yaml)
  3. Platform config directory (~/.config/bagel/bagel.yaml on Unix, %APPDATA%\bagel\bagel.yaml on Windows)

Example configuration

version: 1
probes:
  git:
    enabled: true
  ssh:
    enabled: true
  npm:
    enabled: true
  env:
    enabled: true
  shell_history:
    enabled: true
  cloud:
    enabled: true
  jetbrains:
    enabled: true
  gh:
    enabled: true
  ai_cli:
    enabled: true
privacy:
  redact_paths: []
  exclude_env_prefixes: []
output:
  include_file_hashes: false
  include_file_content: false

All probes are enabled by default. To disable a probe, set enabled: false.

Output schema (excerpt)

{
  "metadata": {
    "version": "0.1.0",
    "timestamp": "2026-02-10T12:00:00Z",
    "duration": "1.234s"
  },
  "host": {
    "hostname": "dev-laptop",
    "os": "darwin",
    "arch": "arm64",
    "username": "dev",
    "system": {
      "os_version": "15.3",
      "kernel_version": "Darwin 25.2.0",
      "cpu_model": "Apple M1",
      "cpu_cores": 8,
      "ram_total_gb": 16
    }
  },
  "findings": [
    {
      "id": "git-ssl-verify-disabled",
      "probe": "git",
      "severity": "high",
      "title": "Git SSL Verification Disabled",
      "message": "Git is configured to skip SSL certificate verification...",
      "path": "git-config:http.sslverify"
    },
    {
      "id": "ssh-private-key-rsa",
      "probe": "ssh",
      "severity": "critical",
      "title": "Unencrypted SSH Private Key Detected (RSA)",
      "message": "An unencrypted RSA SSH private key was detected...",
      "path": "file:/Users/dev/.ssh/id_rsa"
    }
  ]
}

Architecture

  • Probes: small, hermetic modules that scan specific areas of the system.
  • Detectors: reusable secret detection patterns used by probes.
  • Collector: orchestrates probes with timeouts and resource caps.
  • Reporters: render JSON or table output; emit exit codes for CI.

Each probe declares its scope (user/system), paths touched, env vars read, and risk rules it can emit.

Current Probes

ProbeDescriptionWhat it checks
gitGit configuration securitySSL verification disabled, SSH config issues (StrictHostKeyChecking, UserKnownHostsFile), plaintext credential storage (credential.helper=store), dangerous protocols (ext, fd, file), fsck disabled, proxy settings, custom hooks path
sshSSH configuration and key securityStrictHostKeyChecking=no, UserKnownHostsFile=/dev/null, ForwardAgent=yes, private key file permissions, unencrypted private keys
npmNPM/Yarn configuration.npmrc and .yarnrc files: strict-ssl=false, HTTP (non-HTTPS) registries, always-auth settings
envEnvironment variables and dotfilesEnvironment variables, shell config files (.bashrc, .zshrc), .env files for embedded secrets
shell_historyShell history files.bash_history, .zsh_history for secrets in command history
cloudCloud provider credentialsAWS (~/.aws/config, ~/.aws/credentials), GCP (~/.config/gcloud/), Azure config files
jetbrainsJetBrains IDE configurationJetBrains IDE workspace files and configuration for embedded secrets
ghGitHub CLIGitHub CLI authentication tokens and configuration
ai_cliAI CLI toolsCredential files and chat logs for Gemini, Codex, Claude, and OpenCode

Current Detectors

DetectorDescriptionPatterns detected
github-tokenGitHub authentication tokensClassic PAT (ghp_), Fine-grained PAT (github_pat_), OAuth (gho_), App User-to-Server (ghu_), App Server-to-Server (ghs_), Refresh Token (ghr_)
npm-tokenNPM authentication tokensNPM auth tokens (npm_*)
ai-serviceAI service API keysOpenAI (sk-), Anthropic (sk-ant-api03-, sk-ant-admin01-), Hugging Face (hf_, api_org_)
http-authenticationHTTP auth credentialsBearer tokens, Basic Auth headers, API key headers (X-API-Key, etc.), Basic Auth in URLs (http://user:pass@host)
ssh-private-keySSH private keysRSA, DSA, EC, OPENSSH, PKCS8 keys; detects encrypted vs unencrypted
cloud-credentialsCloud provider credentialsAWS Access Key ID (AKIA*, ASIA*, etc.), GCP API Key (AIza*), Azure Storage Account Key
generic-api-keyGeneric secretsHigh-entropy strings matching common secret patterns (uses Shannon entropy analysis)
jwtJSON Web TokensJWT tokens (eyJ prefix with standard JWT structure)

Platform support

OSSupport
macOS (Intel & Apple Silicon)Full support
Linux (x86_64 & ARM64)Full support
Windows (x86_64)Full support with platform-specific file paths and PowerShell history

All probes work cross-platform with appropriate path handling for each OS.

Scrub Command

Fork addition -- not in upstream Bagel.

bagel scrub removes credentials from AI CLI session logs and shell history files, replacing them with [REDACTED-<type>] markers while preserving conversation context.

# Scan and interactively confirm (default)
bagel scrub

Skip prompt, apply immediately


bagel scrub --yes


Scan only, no modifications


bagel scrub --dry-run


Scrub without grace period (includes recent files)


bagel scrub --yes --grace-minutes 0


Scrub a single file


bagel scrub --yes --file ~/.claude/projects/foo/abc123.jsonl

FlagDefaultDescription
--yes / -yfalseSkip confirmation prompt and apply changes
--dry-runfalseScan and report only, do not modify files
--grace-minutes60Skip files modified within this many minutes
--fileScrub a single file instead of all eligible files

Targets:

  • ~/.claude/projects/**/*.jsonl -- Claude Code session logs
  • ~/.claude/projects/**/*.txt -- Claude Code tool results
  • ~/.codex/sessions/**/*.jsonl -- Codex CLI session logs
  • ~/.gemini/tmp/*/chats/*.json -- Gemini CLI chat logs
  • ~/.local/share/opencode/**/*.json -- OpenCode session logs
  • ~/.bash_history -- Bash shell history
  • ~/.zsh_history -- Zsh shell history
  • ~/.sh_history -- Generic shell history
  • ~/.local/share/fish/fish_history -- Fish shell history

Recommended workflow:

  1. bagel scan -f table -- assess your exposure
  2. bagel scrub --yes -- clean up
  3. bagel scan -f table -- verify reduction
  4. Rotate any credentials that were found

Integrations

  • CI: run bagel scan --strict in your pipeline to fail builds when findings are detected.

Exit codes

  • 0 – success, no findings detected (or --strict not set)
  • 1 – runtime error
  • 2 – findings detected (when using --strict)

FAQ

Does it read my secrets? No. It only gathers metadata and security‑relevant flags.

Is it noisy? Probes are read‑only, batched, and time‑boxed to keep scans under a minute on typical dev machines.

SEE ALSO

gitleaks(1)Find secrets with Gitleaks 🔑infisical(1)Infisical is the open-source platform for secrets, certificates, and privileged access management.rage(1)A simple, secure and modern file encryption tool (and Rust library) with small explicit keys, no config options, and…actions-up(1)🌊 Interactive CLI tool to update GitHub Actions to latest versions with SHA pinningKryptor(1)A simple, modern, and secure encryption and signing tool that aims to be a better version of age and Minisign.
clihub3/18/2026BAGEL(1)