Discover your secrets before hackers do.

Be notified instantly after a secret, API key, or other credential leaks onto the public internet. Protect your organization from data breaches before they happen.


Security Dashboard

  • AWS Access Key (Active): arn:aws:iam::876543210987:user/SecurityEngineer. First Seen: July 25, 2025. Last Seen: July 27, 2025.
  • GitHub Access Token (Revoked): benjamintaylor. First Seen: May 20, 2025. Last Seen: May 20, 2025.
  • OpenAI API Key (Active): [email protected]. First Seen: December 5, 2024. Last Seen: December 6, 2024.


How SecretScanner.io Works

0. You configure organization markers, for example, domain names and AWS account IDs.

Organization Markers

  • AWS account ID: 643109630515
  • GitHub org: acme-corp
  • GitHub org: acme-oss
  • Domain name: acme.com

1. A user accidentally uploads a file containing a secret, exposing it publicly.

Docker Hub
GitHub
Pastebin

2. SecretScanner.io continuously monitors public web platforms for new data.

3. All previously unseen objects are downloaded.

4. Downloaded data is recursively decoded, for example decompressed and Base64-decoded.

5. Secrets are detected in the decoded content.

6. Secret metadata is compared with your organization markers.

7. A notification about the leaked secret is sent to your organization.

Pricing

Our pricing model is as simple as it can get.

$2,000/year

For organizations of all sizes

Protect Your Business

A single data breach can damage your reputation and cost millions. Our automated scanning helps you stay ahead of threats and avoid catastrophic financial losses.

Everything in the Professional plan:

  • Real-time scanning of secrets from GitHub and Docker Hub
  • Detection for a wide range of secrets, including: GitHub Access Token, GitHub Private Key, AWS Access Key, Google Cloud Credentials, SendGrid API Key, OpenAI API Key, NPM Access Token, Docker Hub Access Token, Slack API Token
  • Real-time notifications for MS Teams, Slack, & Discord
  • Daily reporting on data scan volumes
  • Priority support

We offer our services for free to open source project organizations.
Contact [email protected] to set up a free account.

Frequently Asked Questions

How is SecretScanner.io different from other security scanners?

Traditional scanners are limited to resources you explicitly define in scope, like your own GitHub repositories. This approach misses secrets that leak into unexpected public locations.

Our platform works differently by continuously scanning certain high-risk platforms on the public Internet. Instead of defining a narrow scan scope, you provide "organization markers" (e.g., your AWS account IDs or company domains). When we find a matching secret anywhere online, we notify you.

Furthermore, our AI-powered engine uses advanced content decoding to find secrets that other tools miss. It automatically detects and unpacks multiple layers of encodings (like Base64, ZIP, and GZIP), ensuring comprehensive discovery even within complex files like application binaries.
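Steps 4 to 6 of "How SecretScanner.io Works" and the layered decoding described above, sketched as an added example; this is not SecretScanner.io's code. The regexes, the depth limit and the rule that a marker must appear in the same decoded layer as the secret are assumptions, and the sample input is constructed around the example key from AWS documentation.

```python
import base64, gzip, io, re, zipfile, zlib

MAX_DEPTH = 5  # assumed bound so nested containers cannot recurse forever
# Simplified patterns for two of the secret types the page lists (assumptions).
PATTERNS = {
    "AWS Access Key": re.compile(rb"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b"),
    "GitHub Access Token": re.compile(rb"\bghp_[A-Za-z0-9]{36}\b"),
}
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{24,}={0,2}")

def decode_layers(blob, depth=0):
    """Yield blob, then every payload recovered via GZIP, ZIP or Base64."""
    yield blob
    if depth >= MAX_DEPTH:
        return
    children = []
    try:
        if blob[:2] == b"\x1f\x8b":            # GZIP magic bytes
            children.append(gzip.decompress(blob))
        elif blob[:4] == b"PK\x03\x04":        # ZIP local file header
            with zipfile.ZipFile(io.BytesIO(blob)) as zf:
                children += [zf.read(name) for name in zf.namelist()]
        else:                                  # text: try embedded Base64 runs
            for run in B64_RUN.findall(blob):
                try:
                    children.append(base64.b64decode(run, validate=True))
                except ValueError:             # not valid Base64 after all
                    pass
    except (OSError, EOFError, zlib.error, zipfile.BadZipFile, RuntimeError):
        pass                                   # corrupt container: keep raw layer only
    for child in children:
        yield from decode_layers(child, depth + 1)

def scan(blob, markers):
    """Return sorted (secret_type, secret, marker) for layers holding both."""
    findings = set()
    for layer in decode_layers(blob):
        hits = [m for m in markers if m.encode() in layer]
        for kind, rx in PATTERNS.items():
            for secret in rx.findall(layer):
                findings.update((kind, secret.decode(), m) for m in hits)
    return sorted(findings)

def build_sample():
    """Constructed input: config text -> Base64 -> ZIP member -> GZIP."""
    config = b"owner=ops@acme.com\naws_access_key_id=AKIAIOSFODNN7EXAMPLE\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("env.b64", base64.b64encode(config))
    return gzip.compress(buf.getvalue())
```

Calling `scan(build_sample(), ["acme.com", "643109630515"])` reports the key only after three layers are unpacked. A scanner fed untrusted public data also needs a cap on decompressed size, which this example omits.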

What platforms do you scan?

We provide real-time scanning for public data on GitHub and Docker Hub, two of the most common sources for accidental secret leaks.

  • GitHub: We scan all new public commits and releases.
  • Docker Hub: We scan all newly pushed public image layers.

We are continuously expanding our coverage, with support for Pastebin, the iOS App Store, and the Google Play Store planned for late 2025.

What types of secrets do you detect?

We currently detect a wide range of high-risk secrets, including:

  • GitHub Access Token
  • GitHub Private Key
  • AWS Access Key
  • Google Cloud Credentials
  • SendGrid API Key
  • OpenAI API Key
  • NPM Access Token
  • Docker Hub Access Token
  • Slack API Token

Can I request support for a new secret type?

Yes. We continuously expand our detection capabilities based on customer feedback and emerging threats. If you need a specific secret type monitored, please contact our team at [email protected] to discuss your requirements.

How quickly am I notified after a secret is exposed?

Our scanning cluster is designed to process new data as quickly as possible. For smaller files (<128 MB), notifications are typically sent within 15 minutes. Larger files may take longer to process, up to several days.

While our standard service does not include a formal Service Level Agreement (SLA) on detection times, custom SLAs are available. Please contact [email protected] for more information.

Will I be notified about secrets that leaked before I signed up?

Yes. Our system archives findings from its continuous scans. If we have previously discovered a secret matching your organization, you will be notified within 1-2 hours of configuring your markers, allowing you to address historical leaks immediately.

Are there any limits on alerts?

No. Our annual plan includes unlimited alerts. We believe in providing complete visibility without penalizing you for active remediation.

Can I see proof of your scanning activity?

Absolutely. Once you sign up, you have access to a dashboard that provides a 30-day overview of our scanning operations, updated in real time. You can view key metrics for each platform, including total data scanned (in terabytes), objects scanned, and valid secrets found.

How quickly can I get started?

You can be up and running in under five minutes. Simply click "Sign Up," create your account, configure your organization markers and notification channels, and our scanners will begin protecting your organization immediately.

Do you offer free trials?

Absolutely. We offer a free, no-obligation trial so you can experience the full capabilities of our platform and see its value for yourself. Please contact us at [email protected] to request your trial.