Real Working API Keys Leaked Every Hour on GitHub

One-Line Flow: Live GitHub scraper that finds accidentally-leaked API keys every second — OpenAI, Anthropic, DeepSeek, all free if you’re fast enough.

Why devs accidentally fund your next project

Thousands of working API keys hit public GitHub repos every day because people push .env files they shouldn’t.

By the time the leak gets noticed, you’ve already burned through $47 worth of credits that weren’t yours.

This is how broke developers ship features wealthy companies can’t. No ethics lecture here — just mechanics.

Every hour, live credentials leak: OpenAI, DeepSeek, Anthropic, Google AI, AWS, Stripe.

Not expired tokens. Not rate-limited demos. Funded accounts someone’s paying for right now.

API Radar scrapes GitHub in real time. Updated the second a new key appears.

Open it once. Watch the counter climb while you’re still reading this sentence.

Every refresh shows keys that didn’t exist 10 seconds ago.

https://apiradar.live

The leak happens. The tool catches it. You decide how fast you move.

The feed exists. Whether you use it or keep paying full price is your problem.

Bookmark it. Won’t be posted again.

Edited by @SRZ for readability

Hi everyone,

I wanted to share a free website that helps you find leaked API keys and secrets on GitHub.

What it does:

Scans Public Repos: Automatically searches GitHub for sensitive strings (like OpenAI keys, AWS credentials, and Firebase configs).

Real-time Results: Monitors recent commits to find keys before they are rotated.

No Setup Required: Everything is web-based, so you don’t need to run complex Python scripts or CLI tools locally.

How to use it:

Go to the websites (link below).

https://www.unsecuredapikeys.com/

Search for specific service you are looking for.

Browse the results for exposed credentials.

Disclaimer: This tool is intended for security researchers, bug hunters, and developers who want to check if their own keys have been leaked. Please use this information responsibly and ethically.

Please, what to use it for ?
Building our own apps or tools

u can see more about here, try.

Bro, thank you. I was using it a month ago. They accidentally deleted their database, but now it is back

Anything you want. It’s upto you

thanks, i justchecked this tool, and it’s just providing a single api key. i might be wrong, but that’s what i saw.

There are two websites which one you cheaked?

abt the unsecuredapikeys.com one

Oh, you can select which platform api key you want. It doesn’t shows a single key.

[MAJOR UPDATE] – Backend Hardening & Secure-by-Design Architecture

I’ve spent the weekend refactoring the entire data layer. To the users who mentioned the tool only showing specific results, the engine has now indexed over 3,100+ unique leaks across the global GitHub ecosystem.

What’s New:

• Redact-First Controller: I’ve moved the security logic to the backend. Raw API keys are now masked at the database fetch level. Even if someone inspects the network payload, the “fullKey” is physically not there.

• Attack Surface Reduction: I’ve removed the ‘Copy’ button. The platform is now a pure Discovery Radar. We are focusing on identifying leaks, not facilitating exploitation.

• Performance Plumbing: Refined the Nginx and Node.js config for zero-latency infinite scrolling through the 3k+ leak history.

Question: I’m looking to add more providers next. Should I prioritize Stripe, AWS, or Discord webhooks?

Test the new secure architecture here: https://apiradar.live

add dark screen. easier on the eyes.

Everything good, but i think i need the copy option

check now, changed the site entirely to dark mode.

useful share, thanks.
It takes patience to get something that works