Secret Keys in Your Code Are a Severe Danger You Are Probably Unaware Of

We simply eliminate this danger for you. That's all.

How It Works

Connect Your GitHub

Connect our GitHub app and install our GitHub integration.

Scan Your Repositories

Run full scans to uncover secret keys that are not supposed to be exposed in your code.

Receive Alerts

Stay safe at all times. We'll notify you immediately when a secret key is committed to any of your repositories.

What Our Users Say about Us

They're our users, hear them out.

Frequently Asked Questions

  • What do I do with exposed keys that GitMonkey finds?

    You revoke them immediately! Generate another key from your API provider and make sure to keep it safe this time.

  • My repositories are private. Why do I need GitMonkey?

    Two reasons: 1. Private repositories have a tendency to become public because of account owners’ efforts to save money on their GitHub expenses. It’s very easy to turn a private repository into a public one. The thing is that you never know what’s inside when you do it, so you’d better keep secrets out of private repositories as well. 2. Code in private repositories still has wider inter-org access and exposure than other means of storing keys. Exposed keys can therefore be used maliciously by, let’s say, frustrated employees (or ex-employees). You shouldn’t keep the keys exposed in the code.

  • Do you support other git platforms?

    We currently support only GitHub but plan to support Bitbucket and GitLab going forward.

  • How accurate are your scans?

    We match against hundreds of known patterns, but at this stage we can’t commit to positively identifying private keys and secrets. When we find a match, we mark it for you according to the severity our algorithm assigns; validating whether the suspected key is indeed an exposed private key is your responsibility. We may take a leap forward in that direction in the future, though.

Ready to Start Feeling Safer About Your Code?