Prevent and fix leaked secrets in your codebase.
Aikido scans your code for hardcoded API keys, credentials, and tokens before they are pushed or merged.

Why secrets detection is more critical than you might think.
One of the most common mistakes developers make is committing secrets to source code, which can give attackers direct access to confidential data and the systems behind it.
Massive consequences
A single leaked AWS key or database password can expose your infrastructure, customer data or production systems at once.
Behind major breaches
Stolen developer and CI/CD credentials powered self-spreading supply-chain worms such as the Red Hat npm and Mini Shai-Hulud campaigns, causing millions in damages.
Exploited within minutes
Once a secret hits a public repo, automated bots scrape and abuse it almost immediately.
How Aikido’s secret detection goes beyond other engines
Validate secret leaks in your live app
Check in real time whether a detected secret is still valid against your running applications, so live credentials are prioritised over ones that have already been revoked.
Filter out false positives
Aikido is optimised to reduce false positives by 90%. It triages findings that are unreachable and lets you fine-tune rules for your own codebase.
Finds all secrets, not only known patterns
Because Aikido's noise reduction keeps alert volume low, it can cast a wide net and flag high-entropy strings and generic credential assignments, not only secrets with a known prefix or format. Other engines don't do this.
Secrets scanning features


“Aikido makes your security one of your USPs thanks to their integrated automated reporting solution, which helps for ISO & SOC2 certification”
Fabrice G, Managing Director at Kadonation
FAQs about Secrets Detection
Secret detection scans your code for exposed API keys, passwords, tokens, and credentials. Leaked secrets can give attackers direct access to your systems, leading to data breaches or costly cloud misuse. Even a single AWS key in a repo can be exploited. Secret scanning helps catch these issues before they're pushed or merged, protecting your infrastructure from unauthorized access.
Aikido scans your code and config files for known secret patterns and high-entropy strings. It detects API keys, tokens, private keys, database credentials, and more. It combines pattern matching for key formats with a recognisable prefix, entropy analysis for random-looking values that have no known format, and validation logic that checks whether a candidate is still live, so it reports real secrets while keeping false alarms low.
By default, Aikido scans the current state of the code, but it can also scan the full Git history to catch secrets exposed in old commits. Historical scanning is optional and configurable, and is the way to find secrets that were added and later removed but remain readable in the repository history. A secret that was ever committed should be treated as compromised and rotated: deleting it from the current branch does not revoke it.
You can integrate Aikido into CI pipelines, blocking builds or PRs that contain detected secrets. It also supports IDE extensions and pre-commit hooks for real-time feedback during development, so detection happens automatically, before a secret reaches a shared or production branch.
Aikido is optimized to reduce false positives. It avoids flagging keys that are public by design (e.g., Stripe publishable keys) and filters out test values, placeholders, and random-looking data that is not a credential. When possible, it verifies a candidate secret for validity before raising an alert, so the results you get are relevant and actionable.
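As an added illustration of the detection pipeline the answers above describe (pattern rules for known key formats, entropy analysis for generic credential assignments, noise filters for public keys and placeholders, and scanning only the lines a change adds, as a pre-commit hook or PR gate does), here is a small stand-alone detector in Python. It is example code written for this page, not Aikido's engine or rule set: the rule names, the 3.5 bits-per-character entropy threshold, the placeholder markers and all sample inputs are constructed assumptions, and the live-validation step is deliberately left out because it would need network access to each credential's issuer.

```python
import math
import re
from collections import Counter
from dataclasses import dataclass

# Example detector written for this page (not Aikido's engine). Rule set,
# threshold, placeholder markers and sample inputs are constructed assumptions.
ENTROPY_THRESHOLD = 3.5  # bits per character; an assumed tuning value

# (1) Rules for secret formats with a recognisable prefix (AWS, GitHub, Stripe).
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "stripe_secret_key": re.compile(r"\bsk_(?:live|test)_[A-Za-z0-9]{24,}\b"),
}
# (3a) Secret-shaped values that are public by design (Stripe publishable keys).
PUBLIC_PATTERNS = [re.compile(r"\bpk_(?:live|test)_[A-Za-z0-9]{24,}\b")]
# (3b) Fragments that mark documentation or test placeholders.
PLACEHOLDER_MARKERS = ("example", "changeme", "your_", "placeholder", "xxx", "dummy")
# (2) Generic "<secret-ish name> = <value>" assignment for keys with no known prefix.
ASSIGNMENT = re.compile(
    r"(?i)\b\w*?(?:secret|token|password|passwd|api[_-]?key)\w*\s*[:=]\s*['\"]?"
    r"([A-Za-z0-9+/_=\-]{16,})"
)
HUNK_HEADER = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    rule: str
    masked: str  # a report must never carry the full value (that would re-leak it)


def shannon_entropy(value: str) -> float:
    """Bits of entropy per character of value (0.0 for empty input)."""
    if not value:
        return 0.0
    n = len(value)
    return -sum((c / n) * math.log2(c / n) for c in Counter(value).values())


def is_noise(value: str) -> bool:
    """True for values that are public by design or obvious placeholders."""
    if any(p.search(value) for p in PUBLIC_PATTERNS):
        return True
    lowered = value.lower()
    return any(marker in lowered for marker in PLACEHOLDER_MARKERS)


def mask(value: str) -> str:
    """Keep a short prefix/suffix so the finding is actionable; every rule above
    only yields values of 16+ characters, so the slice is always safe."""
    return value[:4] + "*" * (len(value) - 6) + value[-2:]


def scan_line(path: str, line_no: int, line: str) -> list[Finding]:
    findings, seen = [], set()
    for rule, pattern in PATTERNS.items():  # known formats first
        for m in pattern.finditer(line):
            value = m.group(0)
            if not is_noise(value):
                seen.add(value)
                findings.append(Finding(path, line_no, rule, mask(value)))
    for m in ASSIGNMENT.finditer(line):  # then the entropy heuristic
        value = m.group(1)
        if value in seen or is_noise(value):
            continue
        if shannon_entropy(value) >= ENTROPY_THRESHOLD:
            findings.append(Finding(path, line_no, "high_entropy_assignment", mask(value)))
    return findings


def scan_text(path: str, text: str) -> list[Finding]:
    """Scan a whole file, as a repository scan would."""
    return [f for n, line in enumerate(text.splitlines(), start=1)
            for f in scan_line(path, n, line)]


def scan_diff(diff_text: str) -> list[Finding]:
    """Scan only the lines a change adds, as a pre-commit hook or PR gate would."""
    findings, path, new_line = [], "<unknown>", 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:].removeprefix("b/")
        elif (header := HUNK_HEADER.match(raw)):
            new_line = int(header.group(1))
        elif raw.startswith("+"):
            findings.extend(scan_line(path, new_line, raw[1:]))
            new_line += 1
        elif raw.startswith(" "):
            new_line += 1  # context line; removed ("-") lines do not advance
    return findings


# Constructed sample inputs; none of these are real credentials.
SAMPLE_ENV = """\
AWS_ACCESS_KEY_ID=AKIAQ7R2T9XZB4M8P1LW
AWS_DOC_EXAMPLE=AKIAIOSFODNN7EXAMPLE
STRIPE_API_KEY=pk_test_51AbCdEfGhIjKlMnOpQrStUv
STRIPE_SECRET_KEY=sk_test_51AbCdEfGhIjKlMnOpQrStUv
DB_PASSWORD=Xk9mQ2vL7pR4wT8zB1nC5dF3
API_KEY=your_api_key_here_1234
SESSION_TOKEN=aaaaaaaaaaaaaaaaaaaaaaaa
"""
SAMPLE_DIFF = """\
diff --git a/config/settings.py b/config/settings.py
--- a/config/settings.py
+++ b/config/settings.py
@@ -10,3 +10,4 @@ DEBUG = False
 ALLOWED_HOSTS = ["example.com"]
-GITHUB_TOKEN = os.environ["GITHUB_TOKEN"]
+GITHUB_TOKEN = "ghp_abcdefghijklmnopqrstuvwxyz0123456789"
+SLACK_TOKEN = os.environ["SLACK_TOKEN"]
"""

if __name__ == "__main__":
    for f in scan_text(".env", SAMPLE_ENV) + scan_diff(SAMPLE_DIFF):
        print(f"{f.path}:{f.line}: {f.rule} ({f.masked})")
```

Running the script reports the AWS key on line 1, the Stripe secret key on line 4 and the high-entropy database password on line 5 of the sample config, plus the hardcoded GitHub token the diff adds, while the publishable key, the placeholder and the all-"a" token stay silent. Note that the AWS documentation key `AKIAIOSFODNN7EXAMPLE` is suppressed by the placeholder filter even though it matches the AWS rule; that is the trade-off every noise filter makes, since a real key whose random part happens to contain a marker word would be missed the same way, so allowlists should be as specific as possible.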
Yes. You can add ignore rules, patterns, or annotations to prevent Aikido from flagging known test values. You can also mark findings as "won't fix" or safe in the dashboard. This tuning helps reduce alert fatigue and lets you control what gets flagged.
Aikido alerts you immediately and, if integrated into CI, can block the commit or build. It shows the file, line, and key type, and recommends revoking the secret. Aikido does not revoke keys itself, but it highlights which credentials are still active and guides you on what to do next: rotate the credential at its issuer first, then remove it from the code and its history, because deleting it from the code alone leaves the leaked value valid.
Aikido offers detection quality on par with GitGuardian and Gitleaks but integrates secret scanning into a broader security platform. It reduces noise with contextual triage and unifies alerts across code, cloud, IaC, and secrets: one tool for all risks, with no juggling of multiple platforms.
Yes, it scans all text files - code, YAML, JSON, .env files, Terraform, commit messages, and more. Secrets often hide in configs or manifests, and Aikido checks them all to catch accidental leaks wherever they appear.
Aikido complements GitHub secret scanning and local hooks with broader coverage (multi-platform support), centralized alerting, and deeper context. It does not depend on each developer's local setup, reduces false positives, and catches secrets across all repos, even when hooks are bypassed. It adds layered protection and better visibility.
Scan your codebase for leaked secrets
Secure your code, cloud, and runtime in one central system.
Find and fix vulnerabilities fast, automatically.