
ENV Leak Checker

Scan your .env file for exposed AWS keys, Stripe secrets, GitHub tokens, and 50+ other sensitive patterns. Runs locally.

17 patterns · 4 potential leaks detected (4 high, 0 medium)
AWS Access Key · line 1
AKIAXXXXXXXXXXXXXXXX
Stripe Live Secret · line 2
sk_live_XXXXXXXXXXXXXXXXXXXXXXXX
GitHub Token · line 3
ghp_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
OpenAI API Key · line 4
sk-XXXXXXXXXXXXXXXXXXXXXXXXXXXX

What it does

  • Detects AWS, Stripe, GitHub, Google, OpenAI, Anthropic, Slack secrets
  • Flags private key blocks and JWTs
  • Severity scoring for each detection
  • Regex patterns run entirely in your browser
  • Copy a safe report without the actual secret values

Privacy

Runs 100% in your browser. Your .env never touches our servers.

Usage examples

Case 1 · AWS + Stripe leaks
AWS_ACCESS_KEY_ID=AKIAXXXXXXXXXXXXXXXX
STRIPE_SECRET=sk_live_XXXXXXXXXXXXXXXXXXXXXXXX
DATABASE_URL=postgres://localhost
✗ line 1  HIGH  AWS Access Key
✗ line 2  HIGH  Stripe Live Secret
✓ line 3  clean
Case 2 · OpenAI + GitHub
OPENAI_API_KEY=sk-XXXXXXXXXXXXXXXXXXXXXXXXXXXX
GITHUB_TOKEN=ghp_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
PORT=3000
✗ line 1  HIGH  OpenAI API Key
✗ line 2  HIGH  GitHub Token
✓ line 3  clean
Case 3 · Clean file
# App config
NODE_ENV=production
PORT=3000
LOG_LEVEL=info
✓ No known secrets detected.
  3 lines scanned, 17 patterns checked.

When to use this tool

  • Before pasting an .env into Slack, Discord, or a support ticket
  • Pre-push check to make sure no live secrets slipped into a branch
  • Incident response — quickly confirm which known secrets are in a leaked file
  • Auditing a teammate's .env.local before they join a codebase
  • Sanity-checking CI/CD environment dumps for accidental exposure

Common mistakes

  • Assuming a clean scan = safe: the scanner only catches known patterns, not custom secrets
  • Leaving the masked view off when sharing the report — use the mask toggle first
  • Trusting test-mode Stripe keys (sk_test_): still don't paste them publicly; they touch your test account
  • Missing private-key blocks because they span multiple lines — the scanner handles this, but hand-editing after detection often breaks quoting

ENV Leak Checker — scan for exposed secrets

Before you push a .env to a teammate or paste it into a ticket, run it through this leak checker. It matches 15+ known secret patterns — AWS access keys, Stripe live secrets, GitHub personal access tokens, OpenAI keys, and private key blocks — and flags every match with a severity level.

Scans run locally using regular expressions, so your secrets never hit a server. For repo-wide scanning, pair this with trufflehog or gitleaks in CI.
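
A minimal sketch of this kind of local regex scan with a masked report, as an added example that is not this tool's own code. The three rules, the private-key handling, the `scanEnv`, `safeReport` and `mask` names, and the sample file are assumptions constructed for illustration.

```javascript
// Illustrative rules (assumptions, not the tool's own pattern set).
const PATTERNS = [
  { name: "AWS Access Key", severity: "HIGH", re: /\bAKIA[0-9A-Z]{16}\b/ },
  { name: "Stripe Live Secret", severity: "HIGH", re: /\bsk_live_[0-9A-Za-z]{24,}\b/ },
  { name: "GitHub Token", severity: "HIGH", re: /\bghp_[0-9A-Za-z]{36}\b/ },
];
const KEY_BEGIN = /-----BEGIN [A-Z ]*PRIVATE KEY-----/;
const KEY_END = /-----END [A-Z ]*PRIVATE KEY-----/;

// Keep a 4-character prefix so the finding is recognisable; hide the rest.
const mask = (s) => s.slice(0, 4) + "*".repeat(Math.max(s.length - 4, 0));

function scanEnv(text) {
  const findings = [];
  const lines = text.split(/\r?\n/);
  for (let i = 0; i < lines.length; i++) {
    if (/^\s*(#|$)/.test(lines[i])) continue; // comments and blank lines
    if (KEY_BEGIN.test(lines[i])) {
      // Multi-line block: report once at the BEGIN line, then skip to END.
      const start = i + 1;
      while (i < lines.length - 1 && !KEY_END.test(lines[i])) i++;
      findings.push({ line: start, severity: "HIGH", name: "Private Key Block", masked: "[redacted]" });
      continue;
    }
    for (const p of PATTERNS) {
      const m = lines[i].match(p.re);
      if (m) findings.push({ line: i + 1, severity: p.severity, name: p.name, masked: mask(m[0]) });
    }
  }
  return findings;
}

// Shareable report: line number, severity, rule name and masked value only.
function safeReport(findings) {
  if (findings.length === 0) return "No known secrets detected.";
  return findings.map((f) => `line ${f.line}  ${f.severity}  ${f.name}  ${f.masked}`).join("\n");
}

// Constructed sample input; every value is a placeholder, not a real credential.
const SAMPLE = [
  "AWS_ACCESS_KEY_ID=AKIA" + "X".repeat(16),
  "STRIPE_SECRET=sk_live_" + "X".repeat(24),
  "DATABASE_URL=postgres://localhost",
  'TLS_KEY="-----BEGIN RSA PRIVATE KEY-----',
  "Q09OU1RSVUNURUQ=",
  '-----END RSA PRIVATE KEY-----"',
].join("\n");
console.log(safeReport(scanEnv(SAMPLE)));
```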
