SecAPI: Secure, AI-Driven API Key Management & Leak Prevention


Blizine Admin

Binayak Jha
Posted on May 30

#devchallenge #githubchallenge

GitHub “Finish-Up-A-Thon” Challenge Submission

This is a submission for the GitHub Finish-Up-A-Thon Challenge

What I Built

SecAPI is a local-first, zero-trust CLI utility and key manager designed to make code security the easiest developer path. Exposing secrets (like Stripe, OpenAI, or AWS keys) in repository files is one of the most common causes of credential leaks. Often, developers resort to plaintext .env files that can be accidentally staged and pushed, or struggle with complex vault set-ups.

SecAPI solves this with a seamless three-step command line workflow:

1. Scans codebases for exposed API keys using fast regex rules or advanced AI analysis.
2. Vaults secrets locally using strong AES-256 encryption with a key derived via PBKDF2-HMAC (completely offline).
3. Replaces raw hardcoded strings in code with secure, runtime references (load_key("key_name"))—preserving variable names, indentation, and comments.

It means we can keep our code secure, separate environments easily, and prevent pushes with unencrypted credentials—all without relying on cloud-based vault hosts.

Demo

Interactive Web Showcase: secapi.netlify.app
GitHub Repository: github.com/BinayakJha/SecAPI

The Scrolling CLI Showcase in Action

Check out the interactive scrollytelling page on secapi.netlify.app to see the simulator type out and execute the CLI commands (scanning, setting up vaults, applying smart code rewrites, checking the status board, and running the git pre-commit hook) in real time as you scroll!

The Comeback Story

Where It Started

SecAPI was an abandoned CLI prototype. It was un-installable due to file packaging typos, suffered from weak vault security (a custom padding scheme instead of a standard key derivation function), had no recovery options if the master password was lost, and used a basic console print command to list keys. Fur
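The scan and replace steps of the workflow listed under What I Built can be sketched as follows. This is an added example, not SecAPI's own code: the two regex rules, the helper names and the choice of the lowercased variable name as the key name are assumptions, and only the load_key("key_name") reference form comes from the post. The vault step is left out; the returned secrets dictionary is what would be encrypted.

```python
import re

# Assumed detection rules for illustration; SecAPI's real rule set is not on the page.
RULES = {
    "stripe_key": re.compile(r"sk_(?:live|test)_[0-9A-Za-z]{16,}"),
    "aws_access_key": re.compile(r"AKIA[0-9A-Z]{16}"),
}
# One quoted string assigned to a name: indent, name, quote, value, trailing text.
ASSIGN = re.compile(
    r"""^(?P<indent>\s*)(?P<name>\w+)\s*=\s*(?P<q>["'])(?P<value>[^"']+)(?P=q)(?P<rest>.*)$"""
)

def matching_rule(value):
    """Return the name of the first rule the whole literal matches, else None."""
    for rule, pattern in RULES.items():
        if pattern.fullmatch(value):
            return rule
    return None

def scan(source):
    """List (line_no, variable, rule) for every hardcoded literal that matches a rule."""
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        m = ASSIGN.match(line)
        if m and matching_rule(m["value"]):
            findings.append((no, m["name"], matching_rule(m["value"])))
    return findings

def rewrite(source):
    """Swap matched literals for load_key("<name>"); return (new_source, secrets)."""
    secrets, out = {}, []
    for line in source.splitlines():
        m = ASSIGN.match(line)
        if m and matching_rule(m["value"]):
            key_name = m["name"].lower()  # hypothetical naming: variable name, lowercased
            secrets[key_name] = m["value"]  # would be handed to the vault step
            line = f'{m["indent"]}{m["name"]} = load_key("{key_name}"){m["rest"]}'
        out.append(line)
    return "\n".join(out), secrets

FAKE = "sk_test_" + "0" * 24  # constructed placeholder, not a real key
SAMPLE = (
    "def charge():\n"
    f"    STRIPE_KEY = '{FAKE}'  # billing\n"
    "    timeout = '30'\n"
    "    return STRIPE_KEY\n"
)

if __name__ == "__main__":
    print(rewrite(SAMPLE)[0])
```

Non-secret literals such as the timeout value are left untouched because a rule must match the whole string, and the trailing comment and indentation on the rewritten line are carried over unchanged.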

📰Dev.to — dev.to
