Skip to content


Folders and files

Last commit message
Last commit date

Latest commit



11 Commits

Repository files navigation



License Build Status Go ReportCard

secretz is a tool that minimizes the large attack surface of Travis CI. It automatically fetches repos, builds, and logs for any given organization.

Built during and for our research on TravisCI:


secretz -t Organization [options]


Flag Description Example
-t Organization to get repos, builds, and logs for secretz -t ExampleCo
-c Limit the number of workers that are spawned secretz -t ExampleCo -c 3
-delay delay between requests + random delay/2 jitter secretz -t ExampleCo -delay 900
-members [list | scan] Get all GitHub members belonging to Organization and list/scan them secretz -t ExampleCo -members scan
-timeout How long to wait for HTTP Responses from Travis CI secretz -t ExampleCo -timeout 20
-setkey Set API Key for secretz -setkey yourapikey


Via go get

go get -u

Via git clone

go get -u
git clone
cd secretz && go build -o secretz main.go

Generate an API-Key:

travis login
travis token --org

Create config file

secretz -setkey <API-KEY>


Please keep your delay high and your workers low out of respect for TravisCI and their APIs. This will also help you from being rate-limited by them.