Secret Scanner
Local Only: nothing is uploaded; scanning happens in your browser. Searches for exposed secret keys in your code.
Immediate steps
- Revoke/rotate the credential immediately (don’t just delete the commit).
- Search for usage in logs and audit trails.
- Invalidate sessions if applicable.
- Patch the process: use secret managers, pre-commit scanning, CI checks.
Notes
Regex scanners can miss secrets (false negatives) and flag benign strings (false positives). Use multiple signals.
What are Secret Leaks?
Secret leaks occur when sensitive information such as API keys, passwords, or private tokens is accidentally committed to version control or shared in public forums. These leaks can lead to unauthorized access, data breaches, and financial loss. This tool helps identify common secret patterns locally in your browser before you share or commit your code.
How to Use This Tool
Paste your code, configuration, or log files into the input area. Click the Scan button to analyze the text for potential secrets. Review the findings and advice for each detected item. Use the Copy Redacted button to get a share-safe version of your text with secrets masked.
Common Use Cases
- Pre-commit checks: scan your code before committing to ensure no secrets are included.
- Log redaction: mask sensitive tokens in logs before sharing them with support or teammates.
- Security auditing: quickly audit configuration files for hardcoded credentials.
Pro Tips
Always rotate your credentials immediately if you discover they have been leaked. Use environment variables or secret managers instead of hardcoding secrets in your source code. Enable Include low severity patterns for a more thorough scan, but be prepared for more false positives.
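The following is an added example, not this tool's own code. It sketches the behaviour described in the Notes and in How to Use This Tool: regex rules with severities, an entropy check as a second signal on the noisy low-severity rule, and a redacted copy of the input. The rule names, patterns, entropy threshold, and function names are assumptions made for illustration.

```javascript
// Illustrative rules only (patterns, severities, threshold are assumptions, not this tool's rule set).
const RULES = [
  { id: "aws-access-key-id", severity: "high", re: /\bAKIA[0-9A-Z]{16}\b/g },
  { id: "github-pat", severity: "high", re: /\bghp_[A-Za-z0-9]{36}\b/g },
  // Keyword context alone is noisy, so this rule needs a second signal (entropy).
  { id: "generic-assignment", severity: "low", minEntropy: 3.0,
    re: /(?:password|secret|token|api[_-]?key)\s*[:=]\s*["']?([^\s"']{8,})/gi },
];

// Shannon entropy in bits per character; placeholders like "xxxxxxxx" score 0.
function entropy(s) {
  const counts = {};
  for (const ch of s) counts[ch] = (counts[ch] || 0) + 1;
  return Object.values(counts).reduce((h, n) => h - (n / s.length) * Math.log2(n / s.length), 0);
}

// Returns non-overlapping findings sorted by position (offsets only, never the value).
function scan(text, { includeLow = false } = {}) {
  const found = [];
  for (const rule of RULES) {
    if (rule.severity === "low" && !includeLow) continue;
    for (const m of text.matchAll(rule.re)) {
      const value = m[1] ?? m[0]; // captured value, or the whole match
      if (rule.minEntropy && entropy(value) < rule.minEntropy) continue;
      const start = m.index + m[0].lastIndexOf(value);
      found.push({ rule: rule.id, severity: rule.severity, start, end: start + value.length });
    }
  }
  // Stable sort keeps the earlier, more specific rule when two matches share a start.
  found.sort((a, b) => a.start - b.start);
  let end = -1;
  return found.filter((f) => f.start >= end && ((end = f.end), true));
}

// Replace each finding with a label so the text can be shared without the value.
function redact(text, findings) {
  let out = "", pos = 0;
  for (const f of findings) {
    out += text.slice(pos, f.start) + `[REDACTED:${f.rule}]`;
    pos = f.end;
  }
  return out + text.slice(pos);
}

// Constructed sample input: AWS's documentation example key and a made-up token.
const SAMPLE = [
  "aws_access_key_id = AKIAIOSFODNN7EXAMPLE",
  "GITHUB_TOKEN=" + "ghp_" + "a1B2c3D4e5F6".repeat(3),
  'password = "xxxxxxxxxxxx"',
  'api_key: "q9Zt4LmW2xKc7RbV"',
].join("\n");
```

With the default options only the two high-severity rules fire; passing `{ includeLow: true }` adds the `api_key` line, while the zero-entropy `password` placeholder is dropped by the entropy gate. The same gate would also drop a real but low-entropy password, which is the false-negative trade-off the Notes describe.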