This repository is intentionally created with exposed secrets to test secrets scanning tools and security pipelines. All credentials here are FAKE and NOT REAL.
This repository contains various types of fake secrets commonly found in real codebases:
- AWS Access Keys & Secret Keys
- GitHub Personal Access Tokens
- API Keys (Stripe, SendGrid, Twilio, etc.)
- Database Connection Strings
- Private Keys (SSH, RSA)
- OAuth Tokens
- JWT Secrets
- Service Account Credentials
- And many more...
This repository helps test:
- Current File Scanning - Secrets in the latest commit
- Historical Scanning - Secrets that were "removed" but still in git history
- Multiple File Types - Python, JavaScript, YAML, Docker, etc.
- Various Secret Patterns - 50+ different secret types
🚨 ALL SECRETS IN THIS REPOSITORY ARE FAKE 🚨
These credentials are:
- Randomly generated
- Not connected to any real service
- Safe to share publicly
- For testing purposes only
If your secrets scanner finds real credentials here, it's a false positive!
Use this repository to:
- Test your secrets scanning tools
- Validate detection accuracy
- Train security teams
- Demonstrate security vulnerabilities
Created by Tarek CHEIKH for security testing and education.
Public Domain - Use freely for testing and education.