OpenKeyGuard
An independent security initiative dedicated to helping developers discover and fix exposed OpenAI API keys before they can be misused.
Impact at a Glance
- Exposures Detected: 8+
- Owners Notified: 0
- Keys Revoked: 0
Our Mission
Every day, developers accidentally expose their OpenAI API keys on GitHub. These exposed keys can lead to unauthorized usage, unexpected bills, and security risks.
OpenKeyGuard automatically scans public GitHub repositories for exposed API keys and notifies repository owners through responsible disclosure practices. We never store or misuse detected keys.
Our goal is to protect the developer community by preventing unauthorized access and promoting security best practices.
Protect Your API Keys
Do's
- ✓ Use environment variables (.env files)
- ✓ Add .env to .gitignore
- ✓ Use secret management tools (GitHub Secrets, AWS Secrets Manager)
- ✓ Rotate keys regularly and after any exposure
- ✓ Set usage limits and monitoring on your API keys
Don'ts
- ✗ Never commit API keys directly in code
- ✗ Don't hardcode secrets in configuration files
- ✗ Avoid sharing keys in screenshots or documentation
- ✗ Don't use the same key across multiple projects
- ✗ Never commit .env files to version control
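A local check you can run on your own working tree before committing, covering the .gitignore and hardcoded-key items in the lists above. This is an added example, not OpenKeyGuard's scanner code; the key pattern, the function names and the simplified .gitignore matching are assumptions made for illustration.

```python
import re
from pathlib import Path

# Assumption: OpenAI secret keys start with "sk-" followed by a long token.
# The pattern is a heuristic for this example, not an official format.
KEY_RE = re.compile(r"\bsk-[A-Za-z0-9_-]{20,}")
# Simplified check: only these literal .gitignore entries are recognised.
# `git check-ignore .env` is the authoritative answer in a real repository.
ENV_IGNORE_ENTRIES = {".env", "/.env", ".env*", "*.env"}


def redact(key):
    """Keep just enough of a key to locate it; never log the full value."""
    return key[:6] + "..." + key[-4:]


def audit_tree(root):
    """Return (path, line, finding) tuples for one working tree."""
    root = Path(root)
    findings = []
    gitignore = root / ".gitignore"
    entries = set()
    if gitignore.is_file():
        entries = {l.strip() for l in gitignore.read_text().splitlines()}
    if not entries & ENV_IGNORE_ENTRIES:
        findings.append((".gitignore", 0, ".env is not covered by .gitignore"))
    for path in sorted(root.rglob("*")):
        rel = path.relative_to(root)
        if ".git" in rel.parts or not path.is_file() or path.name == ".env":
            continue  # .env is where the key belongs, as long as it is ignored
        try:
            text = path.read_text(encoding="utf-8")
        except (UnicodeDecodeError, OSError):
            continue  # skip binary or unreadable files
        for lineno, line in enumerate(text.splitlines(), 1):
            for match in KEY_RE.finditer(line):
                findings.append((str(rel), lineno, "hardcoded key " + redact(match.group())))
    return findings


if __name__ == "__main__":
    import sys
    for path, lineno, finding in audit_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}:{lineno}: {finding}")
```

An empty result means no literal key matched and .env is listed in .gitignore; any key that was ever committed should still be rotated, since it remains in the repository history.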
Support OpenKeyGuard
OpenKeyGuard is a free, independent security initiative. Your support helps maintain scanning infrastructure, cover API and hosting costs, and ensure we can continue protecting developers from exposed API keys.
100% of donations go toward infrastructure and development costs.