KeyLeakScan
KeyLeakScan is a web app (with a lightweight CLI) that continuously checks for exposed cloud credentials and secrets across the places they actually leak: public GitHub/GitLab repos, paste sites, container images, and build logs. When it finds a likely valid key, it verifies the key safely (no destructive actions), identifies the owning cloud account/project, and triggers guided remediation: revoke/rotate, backfill least-privilege policies, and open a ticket with exact evidence and timestamps. It also maps the blast radius by correlating the secret to IAM permissions and recent cloud activity, so teams know whether it’s an “oops” or an incident. This is not a generic secret scanner; it’s focused on preventing cloud-account takeover, with fast verification and response playbooks. Expect some false positives and occasional rate-limit friction; the value is speed and clarity, not perfection.