Does this tool upload my secrets to a server?

No. All scanning runs in your browser using JavaScript pattern matching. No data is sent to any server.

What types of secrets can it detect?

AWS access keys, GitHub tokens, Stripe keys, Google API keys, Slack tokens, database connection strings, private key blocks, and generic password/secret/token assignments.

.env Secret Scanner — Find Exposed Secrets

You need to check a configuration file or code snippet for accidentally exposed secrets before committing to Git or sharing with a colleague. This tool scans text for API keys, passwords, tokens, database URLs, and private keys using pattern matching — entirely in your browser.

Why Scanning Locally Matters

Pasting code that contains secrets into online tools is itself a security risk. If the tool sends your input to a server, your secrets are now exposed to a third party. This scanner runs entirely in your browser — no data is transmitted. The patterns are matched using regular expressions in JavaScript on your device.

What Gets Detected

The scanner checks for over 20 secret patterns across major providers:

AWS: Access Key IDs (AKIA...), Secret Access Keys
GitHub: Personal Access Tokens (ghp_), OAuth tokens (gho_), App tokens
Stripe: Secret keys (sk_live_, sk_test_), Publishable keys
Google: API keys (AIza...), OAuth client secrets
Slack: Bot tokens (xoxb-), User tokens (xoxp-)
Database URLs: PostgreSQL, MySQL, MongoDB, Redis connection strings with embedded credentials
Private Keys: RSA, EC, DSA, and OpenSSH private key blocks
Generic patterns: password=, secret=, api_key=, token=, auth= assignments

How It Works

Paste your .env file, code snippet, or log output into the input area
The scanner matches each line against known secret patterns
Results show the line number, secret type, severity level, and a masked preview
Use “Copy Redacted” to get a version with all secrets replaced by [REDACTED]

Frequently Asked Questions

Does this tool upload my secrets anywhere? No. All scanning happens in your browser using JavaScript regular expressions. No network requests are made with your input data.

Can it detect custom secret formats? The scanner covers 20+ common patterns from major cloud providers and services. Custom or proprietary key formats may not be detected — always review results manually.

What’s the difference between this and the API Key Detector? The .env Secret Scanner is optimized for configuration files and environment variables. The API Key Detector focuses on secrets embedded in source code strings across multiple programming languages.

.env Secret Scanner

Why Scanning Locally Matters

What Gets Detected

How It Works

Frequently Asked Questions

Related Tools

More Security & Privacy Tools