GitHub secret scanner
Hunt exposed API keys in public commits: OpenAI, Anthropic, Stripe, AWS, and more. No login, no cost. Powered by the public GitHub API.
Scans recent commits only (caps apply). Add GITHUB_TOKEN on the server for higher rate limits.
Detection patterns
We match common high-risk formats (Twilio's 32-char hex can false-positive).
- OpenAI API Key
- Anthropic API Key
- Groq API Key
- Stripe Secret Key
- Stripe Test Key
- Twilio Auth Token
- SendGrid API Key
- GitHub Token
- AWS Access Key
- Google API Key
- Resend API Key
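
The Twilio caveat above, as an added example (not this scanner's code): a bare 32-char hex pattern also fires on digests and dash-less UUIDs, while a same-line keyword check keeps only the likely token. The `CONTEXT` rule, the helper names and all sample lines are assumptions constructed for illustration.

```python
import hashlib
import re
import uuid

# Bare format: a standalone run of exactly 32 lowercase hex characters.
# The lookarounds stop it matching inside longer hex runs (e.g. 40-char commit ids).
HEX32 = re.compile(r"(?<![0-9a-f])[0-9a-f]{32}(?![0-9a-f])")

# Assumed context rule (hypothetical, not the scanner's own): the same line
# must mention Twilio or an auth-token style name.
CONTEXT = re.compile(r"twilio|auth[_-]?token", re.IGNORECASE)


def fake_hex(label, length):
    """Constructed hex filler derived from a label; never a real credential."""
    return hashlib.sha256(label.encode()).hexdigest()[:length]


def scan(lines, require_context):
    """Return (line_number, match) pairs for 32-hex candidates."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        if require_context and not CONTEXT.search(line):
            continue
        hits.extend((lineno, m.group()) for m in HEX32.finditer(line))
    return hits


# Constructed sample input.
SAMPLE = [
    'TWILIO_AUTH_TOKEN="%s"' % fake_hex("token", 32),   # the case we want to catch
    'ETag: "%s"' % fake_hex("asset.js", 32),            # MD5-sized digest
    "commit %s" % fake_hex("commit", 40),               # 40 hex chars: no match
    "request_id=%s" % uuid.uuid5(uuid.NAMESPACE_DNS, "example.com").hex,  # UUID, no dashes
]

if __name__ == "__main__":
    print("bare pattern:", [n for n, _ in scan(SAMPLE, False)])
    print("with context:", [n for n, _ in scan(SAMPLE, True)])
```

Context gating trades false positives for false negatives: a token stored under an unrelated variable name would be skipped.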
Hall of Shame
The worst API key exposures caught by this scanner. All anonymized. All real. Refreshes every 60s.
| Rank | Secret type | Days exposed | Risk / day | Severity |
|---|---|---|---|---|
| No entries yet. Run a scan above that finds secrets; the leaderboard fills automatically. | | | | |
Is your key on this list?
We never publish real repo names. The patterns are real; scan before someone else does.
Scan your repos: free, no signup
Get weekly scan alerts
We'll scan your repos every Monday and email you results.