KeyLeakRadar
KeyLeakRadar is a web app (with optional CLI) that continuously hunts for exposed cloud credentials and sensitive config across the places teams actually leak them: GitHub/GitLab repos, CI logs, container images, paste sites, and public object storage. It validates findings safely by attempting low-risk “canary” checks (e.g., STS identity calls) and then auto-guides remediation: revoke/rotate keys, open PRs to remove secrets, and add guardrails to prevent repeats. It also maps each leaked secret to blast radius by correlating with cloud IAM permissions and recent usage, so teams know what to fix first. This is not a magic AI security product; it’s a focused leak-detection and response workflow that reduces time-to-revoke from days to minutes. AI is used only for triage, deduping, and writing clear remediation steps, not for core detection.
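The blast-radius prioritization described above, sketched as an added example (not KeyLeakRadar's own code): findings that passed validation are ranked by the IAM permissions attached to the key and how recently it was used. The field names, weights, and sample findings are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from fnmatch import fnmatchcase

# Assumed weights for IAM actions that make a leaked key dangerous.
HIGH_RISK = {"*": 100, "iam:*": 90, "sts:AssumeRole": 60, "s3:*": 50,
             "secretsmanager:GetSecretValue": 50, "ec2:*": 40}

def permission_score(actions):
    """Highest weight of any high-risk action covered by a granted pattern."""
    best = 0
    for granted in actions:
        for risky, weight in HIGH_RISK.items():
            # IAM patterns use '*' wildcards and are case-insensitive.
            if fnmatchcase(risky.lower(), granted.lower()):
                best = max(best, weight)
    if best:
        return best
    return 10 if actions else 0  # narrow permissions still carry some risk

def usage_multiplier(last_used, now):
    """Keys in active use are fixed first; stale or unused keys rank lower."""
    if last_used is None or now - last_used > timedelta(days=30):
        return 0.5
    return 2.0 if now - last_used <= timedelta(days=1) else 1.0

def blast_radius(finding, now):
    if not finding["live"]:  # failed validation: revoked or never valid
        return 0.0
    return permission_score(finding["actions"]) * usage_multiplier(finding["last_used"], now)

def prioritize(findings, now):
    return sorted(findings, key=lambda f: blast_radius(f, now), reverse=True)

# Constructed sample findings; ids are labels, not real credentials.
NOW = datetime(2024, 1, 15, 12, 0, tzinfo=timezone.utc)
FINDINGS = [
    {"id": "ci-log-deploy-key", "source": "ci_log", "live": True,
     "actions": ["s3:GetObject"], "last_used": NOW - timedelta(hours=2)},
    {"id": "repo-admin-key", "source": "github", "live": True,
     "actions": ["*"], "last_used": NOW - timedelta(days=10)},
    {"id": "paste-old-key", "source": "paste_site", "live": False,
     "actions": ["iam:*"], "last_used": None},
    {"id": "image-secrets-reader", "source": "container_image", "live": True,
     "actions": ["secretsmanager:Get*"], "last_used": NOW - timedelta(days=3)},
]

if __name__ == "__main__":
    for f in prioritize(FINDINGS, NOW):
        print(f"{blast_radius(f, NOW):6.1f}  {f['id']}  ({f['source']})")
```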