Secret Detection

Find hardcoded API keys, passwords, and credentials before they leak.

200+ Secret Patterns

Lookout detects secrets from major cloud providers, payment processors, and services:

Cloud Providers

  • AWS Access Keys
  • Google Cloud Service Accounts
  • Azure Credentials
  • DigitalOcean Tokens

Services

  • Stripe API Keys
  • GitHub Tokens
  • Slack Webhooks
  • Twilio Credentials

Git History Scanning

Secrets removed from current code may still exist in Git history. Lookout scans:

  • All commits in history
  • Deleted files
  • Reverted changes
  • Stale branches

Auto-Remediation

When Lookout finds a secret, Shipwright can:

  • Replace with environment variable reference
  • Add to .env.example (without value)
  • Add pattern to .gitignore
  • Generate rotation instructions

Ready to Scan?

Get your first security scan free.

Scan Now