密钥扫描器
扫描代码中泄露的密钥和凭据。在提交前检测 AWS 密钥、GitHub 令牌、API 密钥等。
All scanning happens locally in your browser
Detected Secret Types:
• AWS Access Key• AWS Secret Key• GitHub Token• GitHub Personal Access Token (Classic)• Slack Token• Slack Webhook• Google API Key• Stripe Secret Key• Stripe Publishable Key• Stripe Test Key• Twilio API Key• SendGrid API Key• Mailchimp API Key• npm Token• PyPI Token• Heroku API Key• Private Key• Password in URL
Note: This scanner uses pattern matching and may produce false positives. Always review detected items manually. Placeholders and environment variables are typically filtered out.
Secret Detection - 技术详情
Accidentally committing secrets to version control is a common security issue. Secrets include API keys, database passwords, OAuth tokens, and private keys. Use pre-commit hooks and secret scanning tools to prevent leaks.
命令行替代方案
# Use git-secrets or gitleaks\ngitleaks detect --source .\n\n# Pre-commit hook example\npre-commit install