</> DevKit
🔍

Secret Scanner & Redactor

Scan and redact secrets in logs

🔍 App Screenshot
Download on the App Store

What is Secret Scanner & Redactor?

Secret Scanner & Redactor analyzes text for accidentally exposed secrets: API keys, access tokens, private keys, passwords, and other credentials. Secrets leak into logs, error messages, configuration snippets, and chat messages more often than anyone likes to admit. This tool catches them before they reach unintended audiences.

The scanner uses pattern matching for over 50 known secret formats, including AWS access keys, Google Cloud service account keys, GitHub personal access tokens, Stripe API keys, database connection strings, and private key headers. It also detects generic patterns like high-entropy strings and common password field formats.

How to Use Secret Scanner & Redactor

Paste any text into the scanner: log output, configuration files, code snippets, error messages, or chat transcripts. Tap Scan to analyze the content. The tool highlights each detected secret with a colored annotation showing the secret type and confidence level.

Review the findings to confirm they are genuine secrets rather than false positives. Then tap Redact to replace all detected secrets with masked placeholders (e.g., REDACTED_AWS_KEY). Copy the redacted output and share it safely in bug reports, support tickets, Slack messages, or documentation.

The redaction format is configurable: choose between full redaction, partial masking (showing the first and last few characters), or custom placeholder text.

Common Use Cases

  • Support ticket preparation: Scan log excerpts and error messages before pasting them into support tickets to ensure no credentials are accidentally shared with third parties.
  • Code review safety: Scan pull request diffs and code snippets for hardcoded secrets before discussing them in code review tools or chat channels.
  • Log sharing: Redact secrets from application logs before sharing them with team members, contractors, or external partners for debugging.
  • Incident response: Quickly scan leaked data to identify the types and scope of exposed credentials during a security incident.
  • Compliance auditing: Scan configuration files and deployment scripts to identify any secrets that should be moved to a secrets manager.

Features

  • Detect API keys, tokens, and passwords
  • Pattern matching for 50+ secret types
  • Automatic redaction with configurable masking
  • Support for AWS, GCP, GitHub, Stripe, and more
  • Scan text, JSON, YAML, and log formats
  • Copy redacted output for safe sharing

Related Tools

🔗

Webhook Signature Verifier

Sign and verify webhook HMAC signatures

🔑

JWT Decoder & Verifier

Decode and verify JWT tokens

.*

Regex Tester

Test regular expressions with highlighting

Try Secret Scanner & Redactor on your iPhone or iPad

Download on the App Store