Argus Nano
A purpose-built SLM for secrets detection that runs entirely on your machine.
Model Description
- Fine-tuned from CodeBERT for binary classification: REAL_SECRET vs BENIGN
- Designed to distinguish real API keys, tokens, and credentials from benign lookalikes (test values, hashes, UUIDs, placeholders)
- Context-aware: considers surrounding code, not just the string itself
Intended Use
- Pre-commit hooks
- CI/CD pipeline scanning
- IDE integration
- Any tool that needs to detect leaked secrets in code
How to Use
Python
from argus_nano import Scanner
scanner = Scanner()
results = scanner.scan_file("config.yml")
Rust
let scanner = argus_nano::Scanner::new(Default::default())?;
let results = scanner.scan_file("config.yml")?;
CLI
argus-nano scan ./my-repo
Performance
Tested against a 1,180-file corpus (480 real secrets across 37 providers, 700 benign files).
| Metric | Value |
|---|---|
| Precision | 100.0% |
| Recall | 99.8% |
| F1 Score | 99.9% |
| False Positive Rate | 0.0% |
| Inference Speed | 11.0s / 1000 files |
| Model Size (quantized) | ~125MB |
Supported Providers
See patterns/providers/ for the full list.
Limitations
- Optimized for standard provider key formats; custom/proprietary formats may require adding patterns
- Binary classification only (v1); multi-class planned for v2
- Designed for source code context; may be less accurate on log files or unstructured text
License
Apache 2.0