Scan your repos for exposed API keys
Connect your GitHub account to scan repositories for accidentally committed API keys, tokens, and secrets. VaultProof will find them and help you rotate and secure them.
By connecting GitHub, you authorize VaultProof to read your repository contents and create pull requests on your behalf. VaultProof will never modify your default branch directly. You are responsible for reviewing and merging any changes. Only scan repositories you own or have permission to scan.
Privacy: Your code is scanned in VaultProof's secure edge environment. No code is stored — only detected key patterns and file locations are saved as findings.
Connecting to GitHub...
Exchanging credentials and encrypting your token. This takes a few seconds.
Scanner (Beta)
Scan History
Scan Results
Total Found: 0
Active: 0
Revoked: 0
Unknown: 0
Scanning repository for exposed keys...
This may take 10-30 seconds
Code Findings
Allowlist (False Positive Management)
No allowlist entries yet.
Keys found in git commit history
These keys were found in git commit history. Even after you remove them from the code, they remain visible to anyone who clones this repo. Take action below for each key.
API Keys Found
Code Changes Needed
Keys also found in git history
Even after migration, keys in git history remain visible. Rotate them at the provider dashboard after merging.
Selected keys will be securely stored. A PR will be created with all code changes.
Migrating to VaultProof...
Migration Complete
Code changes are ready. Now store your keys and update your environment variables before merging.
Store your API keys
The following keys need to be stored securely in VaultProof. Use the Keys page to store each one.
Open Keys Page
Update your environment variables
Before you merge the PR, update these in your hosting platform.
Remove these
Add this
Keep these (not affected)