Stopping Leaks Before They Happen: Client-Side Secret Scanning
We've all done it. You're trying to send a database password to a colleague, but your clipboard history fails you, and you accidentally paste your **Stripe Live Secret Key** instead.
Historically, tools like EnvShareApp would dutifully encrypt that key and send it. Technically, it's "secure"—only the recipient can read it. But operationally, it's a disaster. That key is now "in the wild," even if just for a moment.
That's why we built **Client-Side Secret Scanning**.
The Pre-Encryption Defense
Most secret scanners (like GitHub's) work on the server or after a commit. We moved the detection layer **into the browser**.
How it works
When you type or paste into EnvShareApp, we run a lightweight set of regex patterns against your text. This happens entirely on your device. The patterns detect common formats for:
- AWS Access Keys (`AKIA...`)
- Stripe Secret Keys (`sk_live_...`)
- Slack Bot Tokens (`xoxb-...`)
- Google Cloud Keys
The "Did You Mean To Share This?" Modal
If we detect a match, encryption is **halted**. A warning modal appears immediately.
High-Entropy Secret Detected
It looks like you are trying to share a Stripe Live Key. Usually, these should be rotated, not shared.
You can always bypass this warning (sometimes you *do* need to share a key urgently). But this friction point prevents 99% of accidental leaks.
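The scan-then-halt flow from "How it works" and the modal section above, sketched as an added example (not EnvShareApp's own code). Only the `AKIA`, `sk_live_` and `xoxb-` prefixes come from this post; the character classes and lengths after each prefix, and the names `scanForSecrets`, `shareText` and `encrypt`, are assumptions.

```javascript
// Added example: pre-encryption secret scan with an explicit bypass.
// Only the prefixes (AKIA, sk_live_, xoxb-) come from the article; the
// character classes and lengths after each prefix are assumptions.
const PATTERNS = [
  { name: "AWS Access Key", re: /\bAKIA[0-9A-Z]{16}\b/g },
  { name: "Stripe Live Secret Key", re: /\bsk_live_[0-9A-Za-z]{16,}\b/g },
  { name: "Slack Bot Token", re: /\bxoxb-[0-9A-Za-z-]{10,}\b/g },
];

// Return every match with its type and offset, never the full value,
// so a finding can be shown in a modal without re-exposing the secret.
function scanForSecrets(text) {
  const findings = [];
  for (const { name, re } of PATTERNS) {
    for (const m of text.matchAll(re)) {
      findings.push({ name, index: m.index, preview: m[0].slice(0, 8) + "..." });
    }
  }
  return findings.sort((a, b) => a.index - b.index);
}

// Gate in front of encryption: if anything matches, stop before the
// plaintext is encrypted or sent, unless the user explicitly confirmed.
// `encrypt` is a hypothetical caller-supplied function.
function shareText(text, encrypt, { userConfirmed = false } = {}) {
  const findings = scanForSecrets(text);
  if (findings.length > 0 && !userConfirmed) {
    return { status: "halted", findings };
  }
  return { status: "encrypted", findings, payload: encrypt(text) };
}

// Constructed sample input (fake values, assembled so no real key appears).
const sample = [
  "DB_HOST=db.internal.example",
  "AWS_KEY=AKIA" + "X".repeat(16),
  "STRIPE=sk_live_" + "0".repeat(24),
].join("\n");
```

Because the gate returns before `encrypt` is ever called, a halted share leaves nothing to recall or revoke; the bypass path keeps the findings so the confirmation can be recorded alongside the send.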
Protecting 30+ Key Types
Our pattern library is growing. We currently support:
- ✅ AWS Keys
- ✅ Stripe Keys
- ✅ Slack Tokens
- ✅ GitHub Tokens
- ✅ Google Cloud Keys
- ✅ OpenAI Keys
- ✅ Private Keys (RSA/DSA)
- ✅ Facebook Access Tokens
Try it yourself
Paste a fake AWS key (like `AKIAXXXXXXXXXXXXXXXX`) into the box to see the warning.