Secret Scanner
Scan text for leaked API keys, tokens, and credentials. Highlights matches by severity and generates a redacted copy — all in your browser.
About This Free Online Secret Scanner
Our free secret scanner checks pasted text — code, .env files, config snippets, logs, or chat exports — for accidentally exposed credentials before you share them. It runs over 25 regex-based detectors covering cloud provider keys (AWS, Google, Azure), developer platform tokens (GitHub, GitLab, npm, PyPI), payment and messaging API keys (Stripe, SendGrid, Slack, Discord, Twilio, Shopify, Square, Mailgun), private key blocks, database connection strings, URLs with embedded credentials, JWTs, bearer tokens, and generic key/password assignments. Matches are highlighted directly in your text and color-coded by severity (critical, high, medium), with a summary table showing the type, count, and a partially masked example of each finding. A redacted copy — with every match replaced by a labeled placeholder — is generated automatically so you can copy or download a safe version. Everything runs locally in your browser; nothing you paste is ever uploaded or stored.
Features of Our Secret Scanner
- Over 25 regex detectors for API keys, tokens, and credentials
- Covers AWS, Google, Azure, GitHub, GitLab, Stripe, Slack, Discord, Twilio, and more
- Detects private key blocks, database connection strings, and JWTs
- Highlights every match inline, color-coded by severity
- Summary table grouped by secret type with masked examples
- Generates a redacted copy with labeled placeholders for safe sharing
- 100% private — scanning happens entirely in your browser
How to Use the Secret Scanner
Using this tool is simple and requires no signup or registration. Follow these steps:
- Paste code, a .env file, config, logs, or any text into the input box.
- Matches are highlighted instantly and color-coded by severity (critical, high, medium).
- Check the summary table to see what types of secrets were found and how many of each.
- Copy or download the redacted output, which replaces every secret with a labeled placeholder.
Frequently Asked Questions About Secret Scanner
What types of secrets does this tool detect?
It checks for over 25 patterns including AWS access keys, Google API keys, Azure storage connection strings, GitHub and GitLab tokens, npm and PyPI tokens, Stripe/SendGrid/Mailgun/Twilio/Shopify/Square keys, Slack and Discord tokens, private key blocks, database connection strings, URLs with embedded credentials, JWTs, bearer tokens, and generic "key = value" style secrets.
Is my text uploaded anywhere?
No. All scanning, highlighting, and redaction happen locally in your browser using JavaScript. Nothing you paste is ever sent to a server, logged, or stored.
What does the severity level mean?
Critical matches are high-confidence, high-impact credentials like cloud provider keys, private key blocks, and platform access tokens. High covers service-specific tokens and connection strings. Medium covers things like JWTs, bearer tokens, and generic key/password assignments that may need manual review.
How does the redacted output work?
Every detected secret is replaced with a placeholder like [REDACTED_AWS_ACCESS_KEY] or [REDACTED_GENERIC_SECRET], so you can safely share the redacted text without exposing the original values.
Can this tool guarantee my text has no secrets?
No automated scanner can guarantee 100% detection — this tool uses pattern matching and may miss custom or unusual secret formats, or occasionally flag harmless text that looks like a secret. Always review the highlighted matches before sharing sensitive text.
Is this tool free to use?
Yes, completely free with no signup, no limits, and no usage tracking.
Why Choose Text Toolbox?
Text Toolbox provides free, private, and instant online text tools. Unlike other text utility websites that require signup accounts or send your data to servers, all our tools process your text entirely in your browser. This means your content never leaves your device — we cannot see it, store it, or share it. Our tools are fast, lightweight, and work on any device with a modern web browser.