Are your AWS keys exposed?

Leaked AWS access keys are the #1 cause of surprise five-figure cloud bills and data-exfiltration incidents. Paste a repo or .env and GhostCred flags exposed AKIA keys, secret keys, session tokens, and risky IAM patterns in about a minute.

What this checks

• ✓Hardcoded AWS access key IDs (AKIA…) and secret access keys
• ✓Long-lived keys committed to git history or .env files
• ✓Over-permissive IAM policies and wildcard actions
• ✓Session tokens and temporary credentials left in config

Why it matters

A single exposed key can let an attacker spin up resources, read your S3 buckets, or rack up massive charges before you notice. Rotating after a breach is far more expensive than catching it first.