I have a list of api keys that are used to submit data to a project I own. I would like to search all public repo’s to see if a client has accidentally published secrets for my project. Do you know of a feature or tool that would help me solve this problem?
Hi there! Welcome to the Community!
We do have a secret scanning service, but it’s more aimed at service providers rather than individual developers - you can read about it here:
Other than that, you could potentially run searches yourself. You need to be aware of what gets indexed to search and what doesn’t:
Maybe other members of the community know about third party services that may be able to help?
Thanks for the input. I’m asking on behalf of the company I work for. I expect that what we are looking for is likely a 3rd party service that will look at the firehouse of some of our client’s public GH accounts looking for our keys.