Skip to content
Free tool · runs in your browser

Secret & API Key Leak Scanner

Paste code, an .env file, or logs. We flag leaked Supabase service-role keys, provider tokens, and database URLs — and tell a public anon key apart from a dangerous one. Nothing leaves your browser.

Runs entirely in your browser. Nothing you paste is sent anywhere — no upload, no logging, no account.

Keys leak because they reach the browser.

Suparbase proxies every Supabase request server-side, so your service-role key stays encrypted at rest and never ships to a client.