Secret & Credential Scanner · Free

Secret Scanner: detect leaked
API keys and credentials
before production.

AquilaX Secret Scanner scans every commit, branch, and file for API keys, passwords, tokens, SSH keys, and cloud credentials — with entropy analysis and AI context validation to eliminate false alarms. Free on every plan.

Start Free — No Credit Card → Book a Demo
Compliance standards
PCI DSS ISO 27001 SOC 2
Secrets — src/config.py · .env · k8s/secrets.yaml
# src/config.py · line 12 AWS_SECRET_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfi..." # .env · line 4 STRIPE_SECRET_KEY=sk_live_51H7xY... # k8s/secrets.yaml · line 9 password: cGFzc3dvcmQxMjM= ← base64
AWS Secret Key — src/config.py:12 Critical
Stripe Live Key — .env:4 Critical
Base64 Password — k8s/secrets.yaml:9 High
GitHub Token — CI script Reviewed ✓
🧠 Securitron AI — Secrets Triage
143 entropy hits → 3 real secrets · Rotation steps generated
400+
secret types
3
leaked
Free
plan
57BLines Scanned
·
31M+Vulnerabilities Found
·
93.54%False Positives Eliminated
·
<120sScan Completion
·
32Parallel Scanners
·
153KApps Protected
·
300+Active Developers
·
57BLines Scanned
·
31M+Vulnerabilities Found
·
93.54%False Positives Eliminated
·
<120sScan Completion
·
32Parallel Scanners
·
153KApps Protected
·
300+Active Developers
·
What We Detect

Secrets detection across 800+ secret types.
Zero missed.

From AWS keys to custom internal tokens — AquilaX recognises over 400 distinct secret patterns, with entropy analysis for unknown formats.

☁️

Cloud Provider Keys

AWS access keys and secret keys, GCP service account JSON, Azure client secrets, DigitalOcean tokens, and Cloudflare API keys — all detected with provider-specific pattern matching.

AWS
GCP · Azure
Live
Key Verify
💳

Payment & SaaS Keys

Stripe live/test keys, Twilio auth tokens, SendGrid API keys, Slack bot tokens, GitHub personal access tokens, and hundreds of other SaaS platform credentials.

Stripe
Twilio
200+
SaaS types
🔑

Certificates & SSH Keys

Private RSA, EC, and DSA keys, PEM-encoded certificates, PKCS#12 keystores, and SSH host key pairs — detected even when base64-encoded or embedded in configuration files.

RSA
EC · DSA
PEM
PKCS#12
🗄️

Database Credentials

Connection strings containing passwords for PostgreSQL, MySQL, MongoDB, Redis, Elasticsearch, and others — in .env files, config files, Kubernetes secrets, and Helm values.

PostgreSQL
MySQL
MongoDB
Redis
🎫

Tokens & JWTs

JSON Web Tokens with weak signing keys, bearer tokens, OAuth client secrets, and custom authentication tokens — with entropy-based detection for formats without known patterns.

JWT
OAuth
Entropy
Analysis
📜

Git History Scanning

Secrets committed and then deleted are still in your git history. AquilaX scans the full commit history — not just the current branch — to surface secrets that were thought to be removed.

Full
History
All
Branches
Built For Every Team

Secret Scanner & API key scanning —
free for everyone.

Secret scanning is available on the free plan — because no team should ship with leaked credentials.

🚀

Startups & Solo Devs

Start protecting your repos in 60 seconds with the free plan. No credit card, no configuration. AquilaX scans every commit automatically — even on private repos.

🔒

Security Teams

Set custom secret patterns for internal tokens. Configure notification webhooks for Slack, PagerDuty, or JIRA. Get alerts the moment a secret enters any monitored repository.

🏦

Regulated Industries

Meet PCI DSS Requirement 6.4.3 and ISO 27001 A.9.4. Auto-generate audit evidence reports showing secret scanning coverage across your entire codebase.

Secret Scanning · Free Forever

Start scanning for
secrets — free.

Connect your repo in 60 seconds. Secret scanning is free on every plan — forever. No credit card required.

Get Started Free → Book a Demo
Free forever No credit card Unlimited scans All repos