Hunting API Keys in the Wild: How I Built FleaMarket to Find (and Help Fix) Real Leaks on GitHub
TL;DR: I built an ethical, open-source scanner called FleaMarket that finds exposed API keys in fresh GitHub repos. In a recent scan, it discovered live Google/Gemini keys in public .env files — and I helped owners secure them before any abuse occurred.

🕵️‍♂️ Why Hunt for Secrets?

API keys in public code are like leaving your house keys under the doormat. Even if you think no one will look — bots do. Thousands of keys are scraped every hour, leading to: ...