Secret Scanner - Find Exposed API Keys & Secrets
Scan code and configuration files for exposed secrets, API keys, tokens, and credentials. Detect AWS keys, GitHub tokens, private keys, and hardcoded passwords before they become security vulnerabilities.
Multiple Patterns
Detects AWS keys, GitHub tokens, API keys, private keys, and more.
100% Private
All scanning happens locally. Your code never leaves your browser.
Instant Results
Get immediate feedback on potential security issues.
Why Scan for Secrets?
Accidentally committing secrets to version control or exposing them in configuration files is one of the most common security vulnerabilities. Attackers actively scan public repositories for exposed credentials, which can lead to data breaches, unauthorized access, and financial loss.
What This Tool Detects
- AWS Credentials: Access keys and secret keys
- GitHub Tokens: Personal access tokens and OAuth tokens
- API Keys: Generic API key patterns
- Private Keys: RSA, OpenSSH, and EC private keys
- JWT Tokens: JSON Web Tokens
- Slack Tokens: Bot and user tokens
- Google API Keys: Google Cloud API keys
- Hardcoded Passwords: Password variables in code
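A minimal local scanner for the categories listed above, as an added example that is not this tool's own code. The regexes are commonly published token formats rather than the tool's actual rules, and the names `PATTERNS`, `redact` and `scanText` are assumptions.

```javascript
// Added example: rule names follow the list above; the regexes are commonly
// published token formats, not this tool's actual detection rules.
const PATTERNS = [
  { name: "AWS Access Key ID", re: /\b(?:AKIA|ASIA)[0-9A-Z]{16}\b/g },
  { name: "GitHub Token", re: /\bgh[pousr]_[A-Za-z0-9]{36,}\b/g },
  { name: "Google API Key", re: /\bAIza[0-9A-Za-z_-]{35}/g },
  { name: "Slack Token", re: /\bxox[baprs]-[0-9A-Za-z-]{10,}/g },
  { name: "Private Key", re: /-----BEGIN (?:RSA |OPENSSH |EC )?PRIVATE KEY-----/g },
  { name: "JWT", re: /\beyJ[A-Za-z0-9_-]{5,}\.eyJ[A-Za-z0-9_-]{5,}\.[A-Za-z0-9_-]{5,}/g },
  // Quoted literal assigned to a password-like name; environment lookups do not match.
  { name: "Hardcoded Password", re: /(?:password|passwd|pwd)["']?\s*[:=]\s*["'][^"'\s]{4,}["']/gi },
];

// Keep only a short prefix so the report itself does not leak the secret.
function redact(s) {
  return s.slice(0, 4) + "*".repeat(Math.max(0, Math.min(s.length, 12) - 4));
}

function scanText(text) {
  const findings = [];
  text.split(/\r?\n/).forEach((line, i) => {
    for (const { name, re } of PATTERNS) {
      for (const m of line.matchAll(re)) {
        findings.push({ type: name, line: i + 1, column: m.index + 1, preview: redact(m[0]) });
      }
    }
  });
  return findings;
}

// Constructed sample input. The AWS value is the placeholder key ID used in AWS
// documentation; the GitHub-shaped token is assembled at runtime and is not real.
const SAMPLE = [
  "aws_access_key_id = AKIAIOSFODNN7EXAMPLE",
  "GITHUB_TOKEN=" + "ghp_" + "a1B2".repeat(9),
  'db_password = "hunter2-prod"',
  'password = os.environ["DB_PASSWORD"]',
  "-----BEGIN RSA PRIVATE KEY-----",
].join("\n");

console.log(scanText(SAMPLE));
```

Line 4 of the sample reads the password from the environment and is not reported, which is the pattern the best practices below recommend.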
Best Practices
- Never commit secrets to version control
- Use environment variables for sensitive configuration
- Use secret management tools (AWS Secrets Manager, HashiCorp Vault)
- Add files that contain secrets to .gitignore
- Rotate exposed credentials immediately
- Use pre-commit hooks to scan for secrets
- Enable secret scanning on GitHub repositories