VidBarTools
Install
All tools/Search

Secret Scanner

Runs locally

Drop a folder, drag files in, or pick a directory. We scan every text file locally for leaked API keys, tokens, and credentials.

Drop a folder or files to scan
Detects AWS, Stripe, GitHub, Slack, OpenAI, Anthropic keys and high-entropy strings.

Scan your files for leaked secrets — API keys, tokens, passwords, and private keys — before they end up in a commit or a shared archive. This secret scanner checks your files in the browser, so the sensitive data it's looking for is never uploaded.

How to scan files for secrets

  1. 1Drop in the files or folder you want to check.
  2. 2The scanner matches known secret patterns — API keys, tokens, private keys.
  3. 3Review the findings and remove or rotate anything exposed.

Catch leaks before they ship

Hardcoded credentials are one of the most common and damaging security mistakes — a single committed API key can be exploited within minutes of going public. Scanning your files for known secret patterns before you commit or share them catches these leaks early, and doing it locally means the secrets aren't exposed to yet another service in the process.

Frequently asked questions

What kinds of secrets does the scanner find?
It looks for common patterns like API keys, access tokens, passwords, and private keys across your files, and reports where each match was found.
Are my files uploaded to scan them?
No. The scan runs entirely in your browser — important, since the data being detected is itself sensitive.
What should I do if it finds a secret?
Remove it from the file and rotate the credential (issue a new key and revoke the old one), since an exposed secret should be treated as compromised.