// tool reference · Vulnerability & Assessment
Secret Scanner Free
Find hardcoded credentials, API keys and tokens in a blob of text or code.
What it does
Finds hardcoded credentials, API keys, tokens and private keys in code or config before they reach a repository.
When to use it
- Pre-commit review; auditing an inherited codebase; checking a config before sharing it.
Inputs
Field names are the actual form parameters, verified against source.
| Field | Type | Required | Notes |
|---|---|---|---|
| blob | textarea | required | Code or configuration. |
What you get back
Detected secrets by type and location, with remediation.
How it works
Deterministic pattern matching against known credential formats. Offline — your code is not transmitted.
Privacy
Analysed in memory. Not stored. If a real secret is found, rotate it — detection means it existed in plaintext.
Standards
CWE-798 Hardcoded CredentialsOWASP Top 10
Related tools
AI Security Code Reviewer
Defensive SAST: find vulnerabilities in pasted code and how to fix them.
AI Config & IaC Auditor
Paste a Dockerfile, nginx, .env, compose/K8s, Actions or Terraform for ranked misconfigs and fixes.
AI DevSecOps Automation
Explainable CI/CD security gates with an aggregated release verdict.