Subscribe
Sign in
HasMySecretLeaked — Check if your secrets and API keys have leaked on GitHub.
HasMySecretLeaked helps developers check if their secrets (API keys, credentials) have been compromised by searching across 20+ million leaks in public GitHub repositories, gists, and issues.
31
Replies
flo merian
Hunter
📌
hey Product Hunt! what do Google, GitLab, and OpenAI API keys have in common? they've all been found exposed on GitHub.
dev security startup GitGuardian has just released HasMySecretLeaked to help you and fellow devs check if your secrets have leaked on GitHub (in code, gists, and issues).
it's just like Have I Been Pwned but for API keys.
think your secrets are safe? go to gitguardian.com and take the test :)
Share
@fmerian Thanks for finding us! Securing secrets is tough, and leaks happen at unexpected times, and in places you don't control. Since 2017, GitGuardian has been on a mission, scanning over 1 billion commits on GitHub every year and revealing millions of exposed secrets and API keys.
If you're a dev or a security engineer, HasMySecretLeaked is for you! It helps you check if your organization’s credentials and API keys have leaked on GitHub repos, gists, and issues.
Unlike traditional approaches, HasMySecretLeaked is not about scanning; it's all about bringing auditability to every secret. It tracks secrets from your vaults and .env files to public GitHub, providing insights into leaks and their locations.
Let's flip secrets security on its head! Visit gitguardian.com/hasmysecretleaked and check if your secrets are safe and sound!
@fmerian @sentry_co 👋 GitHub has its own secrets scanning feature, but it doesn't prevent/block others from doing the same on the platform. Competition fosters innovation!
If I understood correctly.... to know whether my secret has leaked, I have to give my secret to this site, eh?
I know GitGuardian is a known and reputed name, but still....
Hey @vicky_buddie 👋 Our engineers came up with an intelligent way to know whether your secret has leaked... without needing to see it :) You have to hash it and send a prefix of the hash, and GitGuardian will take care of the rest. If you want to learn more about how this works, read our engineering blog post: https://blog.gitguardian.com/has....
Oh just API keys!!
I’m relieved I thought something else 🤣
On serious note, this is a good one.
I am curious to know how it works.
Just API keys @vijayatech_labs, not your other secrets 😃
We have detailed the inner workings of HasMySecretLeaked in this engineering blog post: https://blog.gitguardian.com/has.... Let us know what you think!
Has happened before with one of my team's developer. I have seen similar services but this one seems more useful as it is focused on git only. Well done! 🚀 Congratulations on the launch!
Thank you for the kind words @naveed_rehman! We might also include new sources, such as open-source packages from popular registries like PyPI, npm, and more!
@david_sipos Thank you for recognizing our efforts! I'm interested to know if using such tool to secure your development lifecycle resonate for your customers as a freelance full stack developer?
Congratulations on the release of HasMySecretLeaked!💥
HasMySecretLeaked is our security guard that tracks secrets and provides information about leaks and their location. This functionality is a must-have💯, even if you are not a developer or security engineer
@antonikozelski thanks for your kind words. Out of curiosity, how do you see HasMySecretLeaked impacting your daily workflow or security practices?
What could be the best practice after finding that the secret key has been leaked?
I have something for you @emilio_guardian, check out this guide: https://blog.gitguardian.com/wha....