Free tools
Free credential exposure checkers
Pick what you want to check — every scan is free, instant, and mapped to SOC 2 / HIPAA.
Are your AWS keys exposed?
Check a repo or .env for exposed AWS access keys (AKIA…), secret keys, and over-permissive IAM in ~60 seconds. Free, no signup.
Did you leak a Stripe secret key?
Find leaked Stripe secret keys (sk_live…) and webhook secrets in your code or config. Free instant scan, mapped to SOC 2.
Scan for exposed GitHub tokens
Scan for exposed GitHub personal access tokens (ghp_…) and OAuth tokens that hand attackers your repos. Free, ~60s.
Is your OpenAI API key exposed?
Check for exposed OpenAI, Anthropic, and other LLM API keys (sk-…) being drained in your repos. Free instant scan.
Scan your .env file for secrets
Drop in a .env file and instantly see every exposed secret — API keys, passwords, tokens — with a risk score. Free, no signup.
Find exposed database credentials
Find exposed database connection strings and passwords (Postgres, MySQL, Mongo, Redis) in your code. Free instant scan.
Scan Dockerfiles for hardcoded secrets
Scan Dockerfiles and docker-compose for hardcoded secrets, baked-in keys, and credentials in build args. Free, ~60s.
Detect exposed private keys
Detect exposed private keys (.pem, .key), SSH keys, and certificates committed to your repos. Free instant scan.
SOC 2 secret scanning, the practical version
What auditors expect for secret management under SOC 2 — plus a free scan that maps every finding to the relevant controls.
HIPAA credential exposure check
Check whether exposed credentials put PHI at risk under HIPAA. Free scan mapped to the relevant safeguards.
Is your JWT signing secret exposed?
Find exposed JWT signing secrets that let attackers forge tokens and impersonate any user. Free instant scan.
Find secrets leaked in CI/CD configs
Scan CI/CD configs (GitHub Actions, GitLab CI, CircleCI) for hardcoded secrets and exposed deploy credentials. Free.