Free preview. Full report $3.99.
Find leaked API keys before strangers do.
Secret Leak Check scans a public GitHub repo or ZIP for exposed keys, credentials, and deleted secrets still hiding in git history.
What we check
Known API keys from OpenAI, Anthropic, AWS, GitHub, Stripe, Google, Supabase, and more
Committed .env files, private keys, and service-account credential files
Secrets accidentally exposed through NEXT_PUBLIC_, VITE_, or REACT_APP_ variables
Git history leaks that still exist after a secret was deleted from the latest files
Private repo?
Export your project as a ZIP and upload it here. ZIP uploads are first-class.
We never run your code. Detection is static and deterministic.
Privacy promise
Secrets are masked at detection time. Raw keys are not stored, returned, logged, or sent to AI.
$3.99 one-time
FAQ
Do you verify if a key is live?
No. We do not call provider APIs with your keys. If a real-looking key is committed, you should rotate it.
Do you scan git history?
Yes for GitHub repos. ZIPs scan history too when the uploaded archive includes a .git directory.
Do you use AI?
No. Secret detection and fix guidance are rule-based. Raw keys are never sent to AI.
Will you show my key in the report?
No. Free previews and paid reports only show masked secrets.