Credentials & Secrets // Detector
Find API keys and secrets in your files
FileSentinel finds API keys, tokens, and secrets sitting in code, config, and exports so they can be rotated before they end up somewhere public.
What it detects
What FileSentinel finds
FileSentinel detects high-entropy tokens and known key formats, including the prefixed keys many platforms issue, across source code, configuration, and document files. Each finding is scored so a live secret outranks a placeholder or example value.
Where it hides
- Source code and scripts
- Config and .env files
- Text and Markdown docs
- Archives and exports
// RESULTS — findings scored by confidence and severity
Why it matters
The risk of leaked API keys
A leaked API key can hand an attacker your cloud bill, your customer data, or your production systems. Keys end up pasted into scripts, committed to repos, and copied into config files that get shared or backed up.
- Source code and notebooks with hardcoded tokens
- Config and .env files copied between machines
- CI/CD and deployment scripts
- Exports, backups, and documentation
How FileSentinel handles it
Built-in detection, scored and local
FileSentinel reads inside your files on your own machine, flags API keys with a confidence and severity score, and helps you remediate. Built-in detectors cover the common cases, and a custom rule builder lets you add plain-text or regex detectors for anything specific to your work.
Score
Every finding gets a confidence and severity score, so real API keys rise above coincidental matches.
OCR
With OCR on, FileSentinel reads text inside images and scanned PDFs, catching API keys in screenshots and scans.
Remediate
Redact values, mark false positives, or export a CSV, HTML, or PDF report, then share with confidence.
Private by design
Your files never leave your PC
Scanning, OCR, and remediation all happen on-device. FileSentinel makes no network connections to do its work, so the very data you are trying to protect never has to leave your machine to be checked. No server, no cloud, no upload step.
More FileSentinel scanners
Find and clean more sensitive data
Questions & answers
Find API keys FAQ
How do I find api keys & secrets in my files on Windows?
Install FileSentinel from the Microsoft Store, point it at a folder or drive, and start a scan. FileSentinel reads inside your files, flags api keys & secrets, and scores each finding by confidence and severity so the real risks rise to the top.
Is scanning for api keys & secrets private?
Yes. FileSentinel runs entirely on your device. Scanning, OCR, and remediation all happen locally with no uploads and no cloud, so the data you are trying to protect never has to leave to be checked.
Will FileSentinel flag placeholder keys like YOUR_API_KEY_HERE?
FileSentinel scores findings by confidence, weighing entropy and format, so live secrets rank above obvious placeholders. You can mark any example value as a false positive to keep future scans clean, and add custom rules for your own key formats.
What file types does FileSentinel check for api keys & secrets?
FileSentinel reads inside documents, spreadsheets, text, and PDFs, and with OCR enabled it reads text inside images and scanned PDFs too, so api keys & secrets captured in a screenshot or scan is caught as well.
Get FileSentinel
Find API Keys & Secrets in Files and Code
Install FileSentinel from the Microsoft Store and scan your files for sensitive data, all on your Windows PC with nothing uploaded.