there are tools already like trufflehog that will find leaked secrets

macos still ships with live github private keys in the library folder

oops i put my god level aws key in js on my website

oops i put the supabase key in frontend

oh no! i am the maintainer of a hosted password manager and i took home the cmek key