Hardcoded passwords
Credentials embedded in scripts, notes, configuration files or handover documents.
Source coverage
Secret scanning for OneDrive
OneDrive makes it easy to sync and share files. It also makes it easy for credentials to move from local machines into cloud storage without security teams noticing.
Why it matters
This source can quietly accumulate access risk.
Onyxaris helps security teams scan this environment for exposed secrets and prioritize findings based on context and risk.
Common exposure patterns
- Developers and admins sync working folders
- Temporary files remain after troubleshooting
- Credentials are pasted into notes or spreadsheets
- Config exports are stored for convenience
- Shared links expand potential exposure
- Local files become cloud copies
Detection examples
What Onyxaris looks for.
API keys and tokens
Access artifacts for SaaS services, internal applications, automation and CI/CD workflows.
Connection strings
Database or service connection strings with usernames, passwords, hosts and environment hints.
Private keys and certificates
SSH keys, TLS keys, key material and certificates stored in files or archives.
Cloud credentials
Cloud provider access keys, service account credentials and infrastructure secrets.
Sensitive config files
.env, .ini, .yaml, .json, .xml and application configuration files.
Outcome
Move from unknown exposure to prioritized cleanup.
Build a risk-based view of where secrets exist, which locations matter, and what teams should fix first.
| Finding | Context that helps | Typical action |
|---|---|---|
| Password in script | Path, owner hints, source and age | Rotate and replace with managed secret |
| API key in document | Document location and sharing state | Revoke, rotate and remove |
| Private key in archive | Nested path and recurrence | Replace keypair and delete copies |
| Connection string | Environment hints and database target | Rotate password and restrict access |
Start focused
Scan this source first.
Start with a focused exposure assessment for one high-risk environment, then expand coverage when the process is proven.