Secrets Detection
Scan every file and commit for API keys, tokens, and credentials that should never be public.
CLASSIFIED MEMO: Accidentally pushing an API key or database credential to a public repository can be catastrophic. The Secrets Detection tool acts as your last line of defense, scanning your codebase for high-entropy strings and recognizable key formats from hundreds of providers. It ensures that sensitive data stays in your environment variables, not your source code.
Threat Vectors Detected
- Cloud provider keys (AWS/GCP/Azure)
- Database connection strings
- Third-party API tokens (Stripe, Supabase, OpenAI, etc.)
- Private keys/certificates
- Hardcoded passwords
- Secrets in config files and committed .env files
Incident Report
Severity: Critical
Title: Stripe Secret Key Found in Client-Side Code
Description: A Stripe secret key (sk_live_...) was found hardcoded in a frontend React component, exposing it to anyone viewing the compiled source code.
Required Action: Remove the key immediately, rotate it in your Stripe dashboard, and move the billing logic to a secure backend endpoint.
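The two detection approaches described above (recognizable key formats and high-entropy strings), sketched in Python as an added example that is not the tool's own code. The rule set, the 4.0 bits-per-character threshold, the file names and the sample values are assumptions constructed for illustration.

```python
import math
import re

# Recognizable key formats. The sk_live_ prefix comes from the incident report
# above; the AWS access key ID and PEM header shapes are widely documented.
KNOWN_FORMATS = {
    "Stripe live secret key": re.compile(r"\bsk_live_[0-9A-Za-z]{16,}"),
    "AWS access key ID": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "Private key block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}
# Candidates for the entropy pass: long runs of key-like characters.
TOKEN = re.compile(r"[A-Za-z0-9+/_-]{24,}")
ENTROPY_THRESHOLD = 4.0  # bits per character; assumed cut-off, tune per codebase


def shannon_entropy(s):
    """Bits per character of s, from its character frequency distribution."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def scan(path, text):
    """Return (path, line_no, rule, redacted_match) findings for one file."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        spans = []
        for rule, pattern in KNOWN_FORMATS.items():
            for m in pattern.finditer(line):
                # Report only a short prefix so the finding never re-leaks the secret.
                findings.append((path, line_no, rule, m.group()[:8] + "..."))
                spans.append(m.span())
        for m in TOKEN.finditer(line):
            # Skip tokens already reported by a format rule.
            if any(m.start() < end and start < m.end() for start, end in spans):
                continue
            if shannon_entropy(m.group()) >= ENTROPY_THRESHOLD:
                findings.append((path, line_no, "High-entropy string", m.group()[:8] + "..."))
    return findings


# Constructed sample inputs (fake values, not real credentials).
SAMPLES = {
    "src/Checkout.jsx": 'const stripe = Stripe("sk_live_EXAMPLEexample0000000000");\n',
    ".env": "DB_PASSWORD=q7Zp2XvL9mT4rKc8Nw1Hs6Yb3Jd5Fg0A\nAPP_NAME=storefront_checkout_service_v2\n",
}

if __name__ == "__main__":
    for path, text in SAMPLES.items():
        for finding in scan(path, text):
            print(finding)
```

The long but low-entropy `APP_NAME` value in the sample `.env` is not reported, which is why the entropy pass uses a threshold rather than length alone.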
Make Secrets Detection a mandatory check before publishing any code to a public repository or deploying to production. It gives you peace of mind that no sensitive credentials are slipping through the cracks.