Secret Scanner

Scan code for leaked secrets and credentials. Detect AWS keys, GitHub tokens, API keys, and more before committing.

All scanning happens locally in your browser

Paste code to scan for secrets

Detected Secret Types:

• AWS Access Key• AWS Secret Key• GitHub Token• GitHub Personal Access Token (Classic)• Slack Token• Slack Webhook• Google API Key• Stripe Secret Key• Stripe Publishable Key• Stripe Test Key• Twilio API Key• SendGrid API Key• Mailchimp API Key• npm Token• PyPI Token• Heroku API Key• Private Key• Password in URL

Note: This scanner uses pattern matching and may produce false positives. Always review detected items manually. Placeholders and environment variables are typically filtered out.

Secret Detection - Technical Details

Accidentally committing secrets to version control is a common security issue. Secrets include API keys, database passwords, OAuth tokens, and private keys. Use pre-commit hooks and secret scanning tools to prevent leaks.

Command-line Alternative

# Use git-secrets or gitleaks\ngitleaks detect --source .\n\n# Pre-commit hook example\npre-commit install

Reference

View Official Specification