This repository is designed to demonstrate GitHub secret scanning tools. All credentials, API keys, and secrets in this repository are intentionally fake and non-functional.
This repo contains examples of common security vulnerabilities:
- AWS Credentials - Access keys and secret keys
- Stripe API Keys - Payment processing credentials
- GitHub Personal Access Tokens - Repository access tokens
- Database Connection Strings - PostgreSQL, MySQL, MongoDB URLs
- Google API Keys - Cloud service credentials
- JWT Tokens - Authentication tokens
- Private Configuration Files - `.env`, `config.json`, `secrets.yml`
This repository is used for:
- Security Tool Demonstrations - Testing secret detection tools
- Developer Training - Learning what NOT to commit to GitHub
- CI/CD Pipeline Testing - Validating security scanning integrations
- MCP Server Demos - Demonstrating AI-powered security tools
Never commit real secrets to GitHub! Use:
- Environment variables
- Secret management services (AWS Secrets Manager, HashiCorp Vault)
- `.gitignore` to exclude sensitive files
- Pre-commit hooks to scan for secrets
- GitHub's secret scanning alerts
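A pre-commit hook for the secret types listed above could look like the following. This is an added example, not code from this repository: the regexes are assumptions based on publicly documented token prefixes, and `SAMPLE_DIFF` is constructed from filler characters. Saved as `.git/hooks/pre-commit`, its non-zero exit blocks the commit.

```python
import re
import subprocess
import sys

# Assumed regexes, based on publicly documented token prefixes and URL forms.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "stripe_secret_key": re.compile(r"\bsk_(?:live|test)_[0-9A-Za-z]{24,}\b"),
    "github_pat": re.compile(r"\bghp_[0-9A-Za-z]{36}\b"),
    "google_api_key": re.compile(r"\bAIza[0-9A-Za-z_\-]{35}"),
    "jwt": re.compile(r"\beyJ[\w-]{5,}\.eyJ[\w-]{5,}\.[\w-]{5,}"),
    "db_url_with_password": re.compile(
        r"\b(?:postgres(?:ql)?|mysql|mongodb(?:\+srv)?)://[^\s:/@]+:[^\s@]+@"),
}

# Constructed sample diff; the values are built from filler characters.
SAMPLE_DIFF = "\n".join([
    "--- a/.env",
    "+++ b/.env",
    "@@ -1,2 +1,3 @@",
    " APP_ENV=dev",
    "+AWS_ACCESS_KEY_ID=AKIA" + "A" * 16,
    "+DATABASE_URL=postgresql://app:hunter2@db.example.internal:5432/app",
    "-OLD_TOKEN=ghp_" + "x" * 36,
])

def scan_added_lines(diff_text):
    """Return (path, new-file line number, kind) for secrets on added lines."""
    findings, path, line_no = [], None, 0
    for line in diff_text.splitlines():
        if line.startswith("+++ "):
            path = line[6:] if line.startswith("+++ b/") else line[4:]
        elif line.startswith("@@"):
            line_no = int(re.match(r"@@ -\d+(?:,\d+)? \+(\d+)", line).group(1)) - 1
        elif line.startswith("+"):
            line_no += 1
            findings += [(path, line_no, kind) for kind, rx in PATTERNS.items()
                         if rx.search(line[1:])]
        elif line.startswith(" "):
            line_no += 1  # context lines advance the new-file line counter
    return findings

if __name__ == "__main__":
    staged = subprocess.run(["git", "diff", "--cached", "--unified=0"],
                            capture_output=True, text=True, check=True).stdout
    hits = scan_added_lines(staged)
    for path, line_no, kind in hits:  # report location and type, never the value
        print(f"{path}:{line_no}: possible {kind}", file=sys.stderr)
    sys.exit(1 if hits else 0)
```

Only added lines are scanned, so the removed `OLD_TOKEN` line in the sample produces no finding; secrets already in history need a full-history scan instead.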
This repository was created for demonstrating a GitHub Secret Scanner built with:
- Model Context Protocol (MCP)
- Cloudflare Workers
- Claude Desktop integration
🔒 Remember: All secrets in this repo are fake. This is for educational purposes only!