Hardcoded passwords
Credentials embedded in scripts, notes, configuration files or handover documents.
Source coverage
Secret scanning for network shares
Network shares are one of the most overlooked sources of credential exposure. They collect years of project files, scripts, deployment notes, exports, archives and operational documents - often without clear ownership or access control.
Why it matters
This source can quietly accumulate access risk.
Onyxaris helps security teams scan this environment for exposed secrets and prioritize findings based on context and risk.
Common exposure patterns
- Long-lived folders without active owners
- Legacy scripts with embedded passwords
- Configuration backups copied for troubleshooting
- ZIP archives containing .env files
- Shared access across teams and departments
- Weak visibility for security teams
Detection examples
What Onyxaris looks for.
API keys and tokens
Access artifacts for SaaS services, internal applications, automation and CI/CD workflows.
Connection strings
Database or service connection strings with usernames, passwords, hosts and environment hints.
Private keys and certificates
SSH keys, TLS keys, key material and certificates stored in files or archives.
Cloud credentials
Cloud provider access keys, service account credentials and infrastructure secrets.
Sensitive config files
.env, .ini, .yaml, .json, .xml and application configuration files.
Outcome
Move from unknown exposure to prioritized cleanup.
Build a risk-based view of where secrets exist, which locations matter, and what teams should fix first.
| Finding | Context that helps | Typical action |
|---|---|---|
| Password in script | Path, owner hints, source and age | Rotate and replace with managed secret |
| API key in document | Document location and sharing state | Revoke, rotate and remove |
| Private key in archive | Nested path and recurrence | Replace keypair and delete copies |
| Connection string | Environment hints and database target | Rotate password and restrict access |
Start focused
Scan this source first.
Start with a focused exposure assessment for one high-risk environment, then expand coverage when the process is proven.