Detects exposed Discord tokens and credentials in code and files
Detects exposed GitHub tokens and credentials in code and files
Detects exposed GitLab tokens and credentials in code and files
Detects exposed Heroku API keys and credentials in code and files
Detects exposed MongoDB connection strings and credentials in code and files
Detects exposed OpenAI API keys and credentials in code and files
Detects exposed PostgreSQL connection strings and credentials in code and files
Detects exposed Redis connection strings and credentials in code and files
Detects exposed Slack tokens and credentials in code and files
Detects exposed Square API keys and credentials in code and files
Detects exposed Stripe API keys and credentials in code and files
Detects exposed Vercel tokens and credentials in code and files
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@credential-freescan this config file for exposed API keys"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
credential-free
MCP server that scans code for exposed secrets. Detects API keys, tokens, and credentials in 69 patterns across cloud, AI, payment, and auth services.
Quick Setup ( 2 minutes )
Install System-wide
⚠️ Requires Python 3.10+
# Clone and install
git clone <repo-url>
cd credential-free
pip install -e .
# Run server
python -m src.serverAlternative: Requirements File
pip install -r requirements.txt
python -m src.serverAdd to Your IDE
Windsurf / Kiro
Edit mcp_config.json:
{
"mcpServers": {
"credential-free": {
"command": "/usr/bin/python3",
"args": ["-m", "src.server"],
"env": {}
}
}
}Find your Python path:
# Mac/Linux
which python3
# Windows
where pythonClaude Desktop
Edit claude_desktop_config.json:
{
"mcpServers": {
"credential-free": {
"command": "/usr/bin/python3",
"args": ["-m", "src.server"],
"env": {}
}
}
}Test It
MCP Server Test
# Test the server
python -c "from src.server import get_patterns; print('Server works!')"CLI Test
# Test CLI info
python -m src info
# Test CLI scan
python -m src scan file README.md
# Test CLI with exclude patterns
python -m src scan directory . --exclude-patterns '.*\.txt$'Usage Examples
MCP Server (AI Assistant)
Ask your AI:
"scan this file for secrets"
"check my project for exposed api keys"
"what patterns do you detect?"
"find any hardcoded credentials"
"scan my project but exclude .txt files"
CLI (Standalone)
# Scan single file
python -m src scan file config.py
# Scan directory with exclusions
python -m src scan directory . --exclude-patterns '.*\.txt$' '.*\.md$'
# Scan text content
python -m src scan content "AKIAIOSFODNN7EXAMPLE"
# Show scanner info
python -m src infotools
MCP Tool | CLI Command | description |
|
| scan a file for secrets |
|
| scan a folder recursively (supports exclude_patterns) |
|
| scan text directly |
|
| list detection patterns |
what it detects
69 patterns across:
cloud: aws, gcp, azure, vercel, heroku
ai: openai, anthropic, huggingface, groq
payment: stripe, square
auth: github, gitlab, slack, discord
database: postgresql, mongodb, redis
example output
{
"success": true,
"count": 2,
"findings": [
{
"type": "AWS Access Key",
"value": "AKIA****MPLE",
"severity": "CRITICAL",
"category": "cloud"
}
]
}docker
docker build -t credential-free .
docker run credential-freebuilt for aws global vibe hackathon 2025