A lightweight, minimal Chrome extension that helps you quickly scan GitHub repositories for accidentally exposed secrets like .env files, API keys, AWS credentials, and private RSA keys.
- Auto-Detect Repository: Automatically pre-fills the repository URL when you open the extension on a GitHub repository page.
- Scan Common pattern: Scans a specific repository for common secret exposures (
.env,id_rsa,credentials, AWSAKIAkeys,BEGIN PRIVATE KEY). - Custom Search: Search for specific custom keywords within a single repository.
- Global Search: Search for any custom keyword across all public repositories on GitHub.
- Minimalist UI: Clean, modern, and dark-mode native interface that matches the GitHub developer aesthetic.
Since this extension is not published to the Chrome Web Store yet, you can install it manually:
- Download or clone this repository to your local machine.
- Open Google Chrome and navigate to
chrome://extensions/. - Enable Developer mode using the toggle switch in the top right corner.
- Click the Load unpacked button in the top left.
- Select the root folder containing this extension's
manifest.json. - The extension is now installed! You can access it as a Side Panel right from your toolbar.
Due to GitHub API rate limits and authentication requirements for the Code Search API, you must provide a GitHub Personal Access Token (PAT) for this extension to function correctly.
Please see the HOW_TO_GET_GITHUB_TOKEN.md file for straightforward instructions on how to generate and configure your token. The token is stored securely in your browser's local storage and is only sent to the official GitHub API.
- Your Personal Access Token (PAT) never leaves your browser device except to authenticate with
api.github.com. - No analytics or third-party tracking are used.