Secret Scanner

Detect API keys, tokens, and private keys in pasted text or config files — with masked previews.
Back to tools
How to use
  • Paste your text/config or upload a file, then click Scan.
  • Findings are masked (we never display full secrets in the UI).
  • Use Redacted output to copy a safe-to-share version.
  • Download JSON stays active for 6 minutes after scan.
1
Tip: paste .env, YAML, JSON, logs, or any config. Nothing is stored.
Up to 1MB. Supported: .env/.yml/.json/.conf/.log/.pem/.key … (Uploaded file always has priority)
Safety: The UI always masks findings. If you believe a secret was exposed, rotate/revoke it immediately.
Total: 0 Critical: 0 High: 0 Medium: 0 Low: 0
Download JSON
No results yet. Paste text or upload a file, then scan.