Why Scan Your .env File?
Environment files often contain database passwords, API keys, and tokens. Accidentally committing them to Git or leaving debug mode enabled in production is a common source of breaches. This scanner highlights patterns that deserve review before deployment.
Frequently Asked Questions
Is my .env file uploaded anywhere?
No. Scanning runs entirely in your browser. Your secrets are never sent to any server — but avoid pasting production credentials on untrusted machines regardless.
What patterns does this detect?
Common secret key names (PASSWORD, SECRET, API_KEY, AWS keys), debug flags set to true, empty critical values, hardcoded private keys, and suspicious live/staging key prefixes.
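A sketch of how checks in these categories can be written, as an added example that is not this scanner's own code. The rule names, the regular expressions, and the choice of `sk_live_`-style prefixes are assumptions made for illustration, and the sample input is constructed. Findings carry only the line number, key, and rule, never the value, so a report can be shared without leaking the secret it flags.

```javascript
// Added example: rule names and regexes are assumptions, not the scanner's own rules.
const SECRET_NAME = /(PASSWORD|SECRET|API_KEY|TOKEN|AWS_ACCESS_KEY_ID|AWS_SECRET_ACCESS_KEY)/i;
const DEBUG_NAME = /DEBUG/i;
const TRUTHY = /^(true|1|yes|on)$/i;
const PRIVATE_KEY = /-----BEGIN [A-Z ]*PRIVATE KEY-----/;
const LIVE_PREFIX = /^(sk_live_|pk_live_|rk_live_)/;

// Parse KEY=VALUE lines; skips blanks and comments, accepts "export KEY=...",
// and strips one pair of matching surrounding quotes.
function parseEnv(text) {
  const entries = [];
  text.split(/\r?\n/).forEach((raw, i) => {
    const line = raw.trim();
    if (!line || line.startsWith("#")) return;
    const m = line.match(/^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$/);
    if (!m) return;
    let value = m[2].trim();
    const quoted = value.match(/^(["'])(.*)\1$/);
    if (quoted) value = quoted[2];
    entries.push({ line: i + 1, key: m[1], value });
  });
  return entries;
}

// Return findings as { line, key, rule }; the value itself is never echoed.
function scanEnv(text) {
  const findings = [];
  for (const { line, key, value } of parseEnv(text)) {
    const add = (rule) => findings.push({ line, key, rule });
    if (PRIVATE_KEY.test(value)) add("private-key");
    if (LIVE_PREFIX.test(value)) add("live-key-prefix");
    if (DEBUG_NAME.test(key) && TRUTHY.test(value)) add("debug-enabled");
    if (SECRET_NAME.test(key)) add(value === "" ? "empty-critical-value" : "secret-name");
  }
  return findings;
}

// Constructed sample input; none of these values are real credentials.
const SAMPLE = [
  "# constructed sample",
  "APP_DEBUG=true",
  "DB_PASSWORD=",
  'API_KEY="example-not-a-real-key"',
  "PAYMENT_KEY=sk_live_EXAMPLEONLY",
  'SIGNING_KEY="-----BEGIN RSA PRIVATE KEY-----\\nEXAMPLE"',
  "APP_NAME=demo",
].join("\n");
console.log(scanEnv(SAMPLE));
```

Name-based rules only flag entries for review: a key such as `SIGNING_KEY` is caught here by its value, not its name, which is why value checks run alongside the name list.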