I’m a solo dev working on API Radar, a live feed of leaked API keys and secrets found in public GitHub repos. Later today I’m shipping a big rebuild of the search/detection engine, and I’d love to sanity-check a few things with this crowd before it goes fully live on Product Hunt.
A couple of questions for folks in security, DevOps/SRE, or backend roles:
What’s the most useful way to present this kind of data so it actually helps you fix issues? (per repo view, per provider, timelines, alerts, something else?)
Where’s the ethical line for you? The data is from public repos only, but what would make a tool like this clearly defensive and helpful rather than sketchy or abusable?
Blunt feedback is welcome on the idea, UX, or even whether this should exist at all.
API Radar turns leaked API keys into a searchable threat feed for your own org. This new version rebuilds the core engine so it continuously discovers exposed keys in public GitHub, then lets you slice them by provider, repo, file path, and time to see exactly what’s out and where. Instead of digging through noisy scanners or random alerts, you get a focused view of real leaked credentials you can revoke and rotate fast.
API Radar tracks real-time API key leaks across GitHub.
OpenAI, Google, Claude & more - no honeypots, no junk, just live, bleeding credentials the moment they’re exposed.
Built for devs, hackers & teams who want to see the breach before the breach.