Searching for secrets accross all public repo's

I have a list of api keys that are used to submit data to a project I own. I would like to search all public repo’s to see if a client has accidentally published secrets for my project. Do you know of a feature or tool that would help me solve this problem?

Hi there! :wave: Welcome to the Community!

We do have a secret scanning service, but it’s more aimed at service providers rather than individual developers - you can read about it here:

https://docs.github.com/en/developers/overview/secret-scanning

Other than that, you could potentially run searches yourself. You need to be aware of what gets indexed to search and what doesn’t:

https://docs.github.com/en/github/searching-for-information-on-github/searching-code#considerations-for-code-search

Maybe other members of the community know about third party services that may be able to help?

1 Like

Thanks for the input. I’m asking on behalf of the company I work for. I expect that what we are looking for is likely a 3rd party service that will look at the firehouse of some of our client’s public GH accounts looking for our keys.