API-Key Leak-Detektor — Kostenloses Online-Tool
Scanne Texte oder Dateien nach geleakten API-Keys — 20+ Anbieter
Finde geleakte OpenAI, Anthropic, AWS, GitHub, Stripe, Google API-Keys und Tokens in Texten. Sicherheitsscanner, 100% client-seitig. Ohne Anmeldung.
📚 Mehr erfahren
Free API key leak detector — 20+ providers, 100% private
Toololis API Key Leak Detector scans text for leaked credentials from 20+ providers. Perfect for code review, commit auditing, or verifying that a text sample (like a bug report) doesn\'t contain real keys. Everything runs in your browser.
How to use this tool
- 1
Paste text or code
Any text — code snippets, config files, commit diffs, chat logs, emails.
- 2
Review detected leaks
Each found key shows provider, severity, and risk. Click to highlight in text.
- 3
Rotate leaked keys immediately
If a key is confirmed leaked — rotate it NOW at the provider dashboard. Old keys are already in Git history + third-party logs.
Detected providers + formats
- OpenAI:
- sk-..., sk-proj-...
- Anthropic:
- sk-ant-...
- AWS:
- AKIA[0-9A-Z]16
- GitHub:
- ghp_, gho_, ghu_, ghs_, ghr_ (36 chars)
- Stripe:
- sk_live_, sk_test_, pk_live_, pk_test_
- Google:
- AIza... (39 chars)
- Slack:
- xoxb-, xoxp-, xoxa-
- SendGrid:
- SG.[21 chars].[43 chars]
- JWT tokens:
- eyJ[base64].eyJ[base64].[signature]
⚠️ If you found a leaked key
- Rotate immediately at the provider dashboard — don\'t just delete from code
- Audit logs for unauthorized use during the leak window
- Check Git history: key is likely in old commits — use
git filter-repoor BFG to purge - Neintify affected users if customer data was potentially accessed
- Add secret scanning to your CI/CD pipeline to prevent recurrence
Frequently Asked Questions
Which API keys does this detect?
Is this data sent anywhere?
False positives?
What if I found a leaked key?
Can I scan Git history?
git log -p | [this tool] after copying output, or tools like truffleHog / gitleaks for automated Git scanning.Do you detect passwords too?
password=, PASSWD, DB_PASS).Wichtigste Punkte
- API Key Leak Detector is a free, browser-based developer tool — scan text or files for leaked api keys — 20+ providers.
- Nein signup, no downloads, no file uploads — your data stays on your device.
- Works on desktop, tablet, and mobile. Install as a PWA for offline access.
How to Use API Key Leak Detector
- Open the tool: Launch API Key Leak Detector on Toololis — no account or download needed.
- Enter your data: Paste text, enter values, or select a file directly in your browser.
- Get instant results: Everything is processed locally — results appear immediately.
- Copy or download: Save your output or share it. Bookmark for quick access next time.
API Key Leak Detector — Quick Facts
- Preis
- Kostenlos — keine Limits, kein Wasserzeichen, keine Paywall
- Privatsphäre
- 100% browser-basiert — keine Daten verlassen dein Gerät
- Plattform
- Jeder moderne Browser — Desktop, Tablet, Mobil
- Kategorie
- Entwickler Tools on Toololis
- Offline
- Works offline after first visit (Progressive Web App)
| Merkmal | Details |
|---|---|
| Tool | API Key Leak Detector |
| Kategorie | Entwickler |
| Anmeldung nötig | Nein |
| Datei-Upload | Keine — wird im Browser verarbeitet |
| Mobile-Unterstützung | Voll responsive |
| Kosten | Für immer kostenlos |
Why Use API Key Leak Detector?
You should try API Key Leak Detector for a quick, private way to scan text or files for leaked api keys — 20+ providers. All processing happens in your browser. Your files and data never leave your device. According to web.dev, client-side processing is the gold standard for privacy.
On the other hand, dedicated APIs or desktop tools suit batch processing better. They also handle server-side automation. For everyday tasks, browser tools offer the best speed, privacy, and convenience.