Hardcoded passwords
Credentials embedded in scripts, notes, configuration files or handover documents.
Source coverage
Detect exposed secrets on file servers
File servers often hold years of operational memory: scripts, exports, configuration packages, troubleshooting notes, database dumps and archived application releases.
Why it matters
This source can quietly accumulate access risk.
Onyxaris helps security teams scan this environment for exposed secrets and prioritize findings based on context and risk.
Common exposure patterns
- Legacy directories with unclear ownership
- Administrative scripts with hardcoded passwords
- Old release packages and backup folders
- Configuration files copied during incidents
- Broad access groups and inherited permissions
- Files that predate modern AppSec controls
Detection examples
What Onyxaris looks for.
API keys and tokens
Access artifacts for SaaS services, internal applications, automation and CI/CD workflows.
Connection strings
Database or service connection strings with usernames, passwords, hosts and environment hints.
Private keys and certificates
SSH keys, TLS keys, key material and certificates stored in files or archives.
Cloud credentials
Cloud provider access keys, service account credentials and infrastructure secrets.
Sensitive config files
.env, .ini, .yaml, .json, .xml and application configuration files.
Outcome
Move from unknown exposure to prioritized cleanup.
Build a risk-based view of where secrets exist, which locations matter, and what teams should fix first.
| Finding | Context that helps | Typical action |
|---|---|---|
| Password in script | Path, owner hints, source and age | Rotate and replace with managed secret |
| API key in document | Document location and sharing state | Revoke, rotate and remove |
| Private key in archive | Nested path and recurrence | Replace keypair and delete copies |
| Connection string | Environment hints and database target | Rotate password and restrict access |
Start focused
Scan this source first.
Start with a focused exposure assessment for one high-risk environment, then expand coverage when the process is proven.