Neurobyte Technologies

Free Secret & API Key Scanner

Scan code, config or logs for leaked secrets — AWS keys, Google/GitHub/Stripe tokens, private keys and JWTs. Free and private; nothing is uploaded.

About this tool

Leaked credentials are one of the most common causes of breaches — an API key committed to a repo, a token pasted into a log, a private key left in a config file. This free secret scanner checks any code, configuration or log you paste for exposed secrets, including AWS keys, Google, GitHub and Stripe tokens, private keys and JWTs, using pattern matching that runs entirely in your browser.

Nothing you paste is uploaded, so it's safe to scan sensitive material. Use it as a quick pre-commit check, or when reviewing logs and config before sharing them. If it finds a real secret, rotate that credential immediately — once a key has been exposed, the only safe assumption is that it's compromised.

Frequently asked questions

What kinds of secrets does it detect?

Common high-risk patterns: AWS access keys, Google API keys, GitHub and Stripe tokens, private keys (PEM blocks), generic API keys and JWTs. It's a fast first-pass check, not an exhaustive scanner.

Is it safe to paste sensitive code?

Yes. All scanning runs locally in your browser and nothing is sent to a server. That said, only paste material you're authorised to handle.

What should I do if a secret is found?

Rotate the credential immediately, remove it from the code or history, and move secrets into environment variables or a secrets manager. Assume any exposed secret is already compromised.