Network shares become credential graveyards
Legacy folders, project handovers, scripts, exports and operational notes often contain secrets that nobody owns anymore.
Enterprise Secrets Exposure Intelligence
Find exposed secrets before attackers do.
Onyxaris helps security teams discover passwords, API keys, tokens, private keys, connection strings and other sensitive technical artifacts hidden across network shares, repositories, OneDrive, SharePoint and enterprise file stores.
Beyond repository-only scanning
Risk-based prioritization
Enterprise-first deployment
Finding preview
Database connection string exposed in SharePoint
Source: Project handover library · Confidence: High · Exposure: Broad internal access
The problem
Secrets do not stay in code.
Credentials are copied into deployment notes, exported into spreadsheets, stored in ZIP archives, pasted into troubleshooting documents, left in legacy file shares and synced through collaboration platforms.
Collaboration tools multiply exposure
OneDrive and SharePoint make it easy to share files, but they also make it easy for sensitive technical artifacts to spread beyond their intended audience.
Repository scanning is not enough
Git secret scanning is important, but it does not cover archives, documentation, backups, shared drives or files created outside engineering workflows.
Security teams need context, not noise
Finding a string that looks like a secret is only the beginning. Teams need ownership, source, exposure, confidence and remediation priority.
What Onyxaris does
Enterprise-wide secrets exposure discovery.
Onyxaris scans organizational resources to detect exposed secrets and risky technical artifacts, then turns raw findings into prioritized, actionable visibility.
Detection
Detect secrets and credentials
Identify passwords, API keys, access tokens, private keys, certificates, service account credentials, database connection strings and cloud access keys.
Explore → CoverageScan beyond repositories
Cover network shares, file servers, Git repositories, OneDrive, SharePoint, archives, documents, scripts, exports and configuration files.
Explore → RiskPrioritize by risk
Combine secret type, file context, source, exposure level, confidence and potential impact into a risk-based view.
Explore → SignalReduce false positives
Use detection rules, entropy checks, contextual analysis and validation-ready workflows to distinguish noise from real exposure.
Explore → ContextMap exposure paths
Understand where sensitive artifacts are located, how they are distributed and which business or technical area may own them.
Explore → WorkflowSupport remediation
Create evidence, assign ownership, track status and help teams rotate, remove or secure exposed credentials.
Explore →Coverage
Designed for the places where secrets actually spread.
Onyxaris focuses on technical secrets and sensitive access artifacts. Broad personal data detection is not the primary scope at this stage.
| Source | What Onyxaris looks for | Why it matters |
|---|---|---|
| Network shares | Scripts, configs, exports, password files, archives | High-volume unmanaged storage often ignored by AppSec tools |
| Git repositories | Hardcoded secrets, history, config files | Developer workflows still leak credentials |
| OneDrive | Shared documents, synced files, exported configs | Personal and team storage can expand exposure quickly |
| SharePoint | Libraries, project sites, shared folders | Business collaboration often contains technical handover data |
| Archives & backups | ZIP, 7z, tar and backup packages | Secrets remain hidden inside packaged files |
Workflow
From scattered findings to operational visibility.
1. Connect sources
Add network locations, repositories, OneDrive, SharePoint or other enterprise resources to the monitored scope.
2. Scan files and histories
Analyze files, metadata, selected histories and supported archives for patterns that indicate exposed secrets.
3. Enrich with context
Link each finding with source, path, file type, detection category, confidence, exposure indicators and ownership signals.
4. Prioritize and remediate
Move from raw alerts into a risk-based remediation workflow that teams can assign, export and track.
Resource hub
Build authority around secrets exposure.
Guide
What is secret scanning?
A practical guide to secret scanning, common secret types, detection logic and enterprise use cases.
Explore → ComparisonSecret scanning vs DLP
Understand how focused credential exposure detection differs from broad data loss prevention.
Explore → PlaybookSecret remediation playbook
A practical workflow for rotating, revoking, removing and documenting exposed credentials.
Explore →Explore the site
Find the right starting point.
Credential exposure scenarios
Exposed API keys
Hardcoded passwords
Database connection strings
Cloud access keys
Service account credentials
Certificates & private keys
Pre-audit risk discovery
Who Onyxaris helps
Guides and playbooks
What is secret scanning?
Secret scanning vs DLP
Why network shares leak secrets
Remediation playbook
Maturity model
Secret types
OneDrive secret risk
SharePoint credential exposure
Git history secret leaks
Risk scoring for secrets
Secret scanning checklist
Example investigations
Network share database passwords
SharePoint external exposure
Git history cloud keys
Pre-audit secrets discovery
Start focused
Ready to find where secrets are hiding?
Start with a focused exposure assessment across your highest-risk sources: network shares, repositories, OneDrive or SharePoint.