KeyHawk

KeyHawk is a web app (with optional GitHub/GitLab app) that continuously hunts for exposed API keys, tokens, and credentials across the places teams actually leak them: source repos, CI logs, build artifacts, container images, paste sites, and internal wikis. When it finds a likely secret, it validates it safely (non-destructive checks), identifies the owning service, and triggers fast remediation: open a ticket, notify Slack, and guide rotation with provider-specific steps. It also maps “blast radius” by linking each key to the API endpoints and permissions it can access, so teams can prioritize the scary leaks first. This is a hybrid traditional + AI app: traditional detection/verification pipelines plus AI to classify false positives, dedupe findings, and generate tailored rotation/runbook instructions. It’s not a full API security platform; it’s a focused, high-signal leak response tool.
