Show HN: API key leak scanner – finds and shows credentials in your codebase
Simple CLI tool, one Python file, no setup. Point it at a repo and it finds leaked API keys (OpenAI, Anthropic, AWS, GitHub, Stripe, etc.) and gives you the direct link to revoke each one.
Built it because I kept generating code with AI assistants and worrying about keys ending up in the wrong place.

It's offbrand TruffleHog.

I believe another approach is to detect high-entropy strings rather than using a hard-coded list of prefixes. I'm curious about the rate of false positives, though: just because there's - say - a hash or a GUID doesn't mean it's credentials. Combining both approaches would potentially work well.
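The combination the thread is discussing (vendor prefix patterns for high-confidence hits, Shannon entropy for everything else, with hex digests and GUIDs filtered out as the obvious false positives) looks roughly like this. This is an added illustration, not code from the Show HN tool or from TruffleHog. The key formats in `PREFIX_PATTERNS`, the 4.0 bits/char threshold, the console URLs in `REVOKE_HINT`, and every value in `SAMPLE` are assumptions constructed for the example; none of the sample strings is a real credential.

```python
"""Prefix + entropy secret scanner (added example; formats and sample data are constructed)."""
from __future__ import annotations

import math
import re
from dataclasses import dataclass

# Assumed vendor key formats, chosen for illustration only. A real scanner
# should track each vendor's published format and length.
PREFIX_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "stripe_secret_key": re.compile(r"\bsk_live_[A-Za-z0-9]{24,}\b"),
}
# Assumed console pages where the matching credential type is rotated.
REVOKE_HINT = {
    "aws_access_key_id": "https://console.aws.amazon.com/iam/",
    "github_pat": "https://github.com/settings/tokens",
    "stripe_secret_key": "https://dashboard.stripe.com/apikeys",
}
# Generic candidate: any long run of token-like characters.
CANDIDATE = re.compile(r"[A-Za-z0-9_\-]{20,}")
# Pure hex, optionally dash-separated (SHA digests, UUIDs): treated as not-a-secret.
HEX_OR_UUID = re.compile(r"[0-9a-fA-F]+(-[0-9a-fA-F]+)*")
ENTROPY_THRESHOLD = 4.0  # bits/char; a hex string can never exceed 4.0


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for empty input)."""
    if not s:
        return 0.0
    counts: dict[str, int] = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def mask(token: str) -> str:
    """Keep only head and tail so the report itself does not re-leak the value."""
    return token[:4] + "..." + token[-4:] if len(token) > 8 else "****"


@dataclass
class Finding:
    line_no: int
    kind: str
    masked: str
    confidence: str
    entropy: float


def classify_token(token: str) -> str:
    """Verdict for a token that matched no known vendor prefix."""
    if HEX_OR_UUID.fullmatch(token):
        return "hash_or_uuid"  # digests and GUIDs: high-ish entropy, not credentials
    if shannon_entropy(token) >= ENTROPY_THRESHOLD:
        return "high_entropy"
    return "low_entropy"


def scan_text(text: str) -> list[Finding]:
    """Prefix matches are 'high' confidence; entropy-only hits are 'medium'."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        covered: list[tuple[int, int]] = []
        for kind, pattern in PREFIX_PATTERNS.items():
            for m in pattern.finditer(line):
                covered.append(m.span())
                tok = m.group()
                findings.append(Finding(line_no, kind, mask(tok), "high", round(shannon_entropy(tok), 2)))
        for m in CANDIDATE.finditer(line):
            # Skip spans already reported by a vendor pattern.
            if any(s <= m.start() and m.end() <= e for s, e in covered):
                continue
            tok = m.group()
            if classify_token(tok) == "high_entropy":
                findings.append(Finding(line_no, "generic_high_entropy", mask(tok), "medium",
                                        round(shannon_entropy(tok), 2)))
    return findings


# Constructed sample file: two prefixed (fake) keys, one random-looking secret,
# a SHA-256 digest, a UUID, and a long but low-entropy identifier.
SAMPLE = """\
AWS_ACCESS_KEY_ID = "AKIAEXAMPLEKEY000001"
GITHUB_TOKEN = "ghp_ExampleToken0123456789abcdefghijklmn"
API_SECRET = "Q7mX2pL9aZ4kR0vT8sB3nW6cY1fH5gJd"
FILE_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
REQUEST_ID = "550e8400-e29b-41d4-a716-446655440000"
name = "configuration_manager_default_settings"
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE):
        hint = REVOKE_HINT.get(f.kind, "rotate wherever this secret was issued")
        print(f"line {f.line_no}: {f.kind} ({f.confidence}, H={f.entropy}) {f.masked} -> {hint}")
```

Running it reports the AWS and GitHub values as high-confidence prefix hits, the mixed-case `API_SECRET` as a medium-confidence entropy hit, and nothing for the digest, the UUID, or the long identifier. The trade-off the comment points at is visible in `classify_token`: a secret that happens to be pure hex (or has entropy under the threshold) is missed by the generic path, which is exactly why the prefix list still earns its place alongside the entropy check.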