Quick answer
The scanner looks for common patterns: password=, api_key=, Bearer tokens, AWS keys, private key headers.
Potential Secret Found
The scanner looks for common patterns: password=, api_key=, Bearer tokens, AWS keys, private key headers. If found, treat as a reminder to avoid committing real secrets.
Common causes
- Committing config or logs that contain credentials.
- Pasting real secrets into the scanner (do not do this).
How to fix
- Use environment variables or a secrets manager; do not commit secrets.
- Rotate any exposed credentials immediately.
- Use the scanner on sample or sanitized content only.
FAQ
- Does the scanner store my content?
- No. Content is processed in memory and not stored.
- Should I paste real secrets?
- No. Use sample data to test; never paste real credentials.
Fix it now
Try in validator (prefill this example)