tools / secret-scanner
Secret Scanner
Scan pasted logs, env snippets, configs, and stack traces for likely tokens, keys, credentials, and redaction gaps.
3 signals detected. Start with aws secret-like key.
AWS secret-like key
AWS credential material may be present.
Rotate the key if it left a trusted boundary and replace it with a redacted placeholder.
API key-like token
An API key or provider token may be present.
Revoke or rotate exposed keys and scrub logs, screenshots, and fixtures.
Database URL with credentials
A connection string may include username, password, host, and database.
Rotate passwords and redact username, password, host, and database name before sharing.
AWS_SECRET_ACCESS_KEY=abcd1234
DATABASE_URL=postgres://user:pass@example/db
sk-live-1234567890abcdef
DebugTools product
Secret Scanner
Secret Scanner is a focused DebugTools mini-product for developers. Scan pasted logs, env snippets, configs, and stack traces for likely tokens, keys, credentials, and redaction gaps.
Use cases
- Scan logs and config snippets before sharing them publicly.
- Find likely API keys, tokens, cookies, private keys, and database URLs.
- Create safe placeholders while preserving enough shape for debugging.
How it works
- Paste or load the snippet you want to inspect in Secret Scanner.
- Run the tool in the browser and review the highlighted output.
- Copy, export, or turn the result into the next debugging step.
Privacy
- Secret Scanner is local-first. The core workflow runs in your browser and does not require sending pasted content to DebugTools servers.
This tool history
Recent Secret Scanner sessions
Only visits for this tool are shown. Pasted content, tokens, request bodies, and logs are not stored here.