Find leaked credentials across GitHub repositories.
Secret Scanner is a free, open-source tool that scans GitHub repositories for leaked credentials, API keys, tokens, passwords, and other sensitive secrets. Enter a GitHub username to scan all their public repositories, or paste a repository URL to scan a single project.
Secret Scanner uses 45 regex-based detection rules to find leaked credentials in source code. It reads every file in each repository through the GitHub API, skipping binary files, lock files, and build artifacts. All scanning happens entirely in your browser — no code or credentials are ever sent to our servers.
AWS Access Keys, Google API Keys, Azure Storage Keys, GCP Service Account Keys
OpenAI API Keys, Anthropic Keys, Project-scoped Keys
Stripe Secret Keys, Square Tokens, PayPal Client Secrets, Shopify Tokens
GitHub Tokens, GitLab Tokens, Bitbucket App Passwords
Slack Tokens, Discord Bot Tokens, Telegram Bot Tokens, Webhooks
npm Tokens, PyPI Tokens, Docker Hub Tokens, Database Connection Strings
View all 45 detection rules with full descriptions, risk assessments, and remediation guidance.
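A sketch of the scanning approach described above (path filtering followed by regex rules), as an added example that is not Secret Scanner's own code. The three rules, the skip lists, and the names shouldSkip, redact and scanFiles are assumptions chosen for illustration, and the sample files are constructed and contain no real credentials.

```javascript
// Illustrative rules only; these are NOT the tool's actual 45 rules.
const RULES = [
  { id: "aws-access-key-id", re: /\b(?:AKIA|ASIA)[0-9A-Z]{16}\b/g },
  { id: "github-pat-classic", re: /\bghp_[A-Za-z0-9]{36}\b/g },
  { id: "db-connection-string", re: /\b(?:postgres(?:ql)?|mysql|mongodb(?:\+srv)?):\/\/[^\s:@\/]+:[^\s@\/]+@[^\s\/]+/g },
];

// Path filters (assumed lists): lock files, build output, binary extensions.
const SKIP_NAMES = new Set(["package-lock.json", "yarn.lock", "Cargo.lock", "poetry.lock"]);
const SKIP_DIRS = /(^|\/)(node_modules|dist|build|vendor)\//;
const BINARY_EXT = /\.(png|jpe?g|gif|pdf|zip|gz|woff2?|exe|so|jar)$/i;

function shouldSkip(path, content) {
  const name = path.split("/").pop();
  if (SKIP_NAMES.has(name) || SKIP_DIRS.test(path) || BINARY_EXT.test(path)) return true;
  return content.slice(0, 8000).includes("\u0000"); // NUL byte: treat as binary
}

// Keep only a short prefix so the report itself does not re-leak the secret.
const redact = (s) => s.slice(0, 6) + "*".repeat(Math.max(0, s.length - 6));

function scanFiles(files) {
  const findings = [];
  for (const { path, content } of files) {
    if (shouldSkip(path, content)) continue;
    content.split(/\r?\n/).forEach((line, i) => {
      for (const { id, re } of RULES) {
        for (const m of line.matchAll(re)) {
          findings.push({ path, line: i + 1, rule: id, match: redact(m[0]) });
        }
      }
    });
  }
  return findings;
}

// Constructed sample input (documentation-style placeholders, no real credentials).
const SAMPLE = [
  { path: "config/aws.js", content: 'const region = "us-east-1";\nconst key = "AKIAIOSFODNN7EXAMPLE";\n' },
  { path: ".env", content: "DATABASE_URL=postgres://app:s3cr3t@db.example.internal:5432/app\n" },
  { path: "package-lock.json", content: '{"integrity": "AKIAIOSFODNN7EXAMPLE"}' },
  { path: "dist/bundle.js", content: 'var t="ghp_' + "a".repeat(36) + '";' },
  { path: "assets/logo.dat", content: "\u0000\u0001AKIAIOSFODNN7EXAMPLE" },
];

console.log(scanFiles(SAMPLE));
```

The lock file, the build artifact and the NUL-containing file are skipped before any rule runs, so only the two source-level findings are reported, each with its match redacted.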
Accidentally committed credentials are one of the most common security vulnerabilities in software development. A single leaked AWS key can lead to unauthorized cloud resource usage, data breaches, or account takeover. GitHub's public repositories are continuously scanned by attackers looking for exposed API keys and tokens. Regular scanning helps you find and revoke compromised credentials before they can be exploited.