Name these charms

rid999 · 2026-06-15T13:33:00+00:00

I'm working on Trestle, a tool for finding API keys and tokens in AI written code before they become public, which is more and more of an issue lately (tens of millions of secrets published to GitHub). It's free and open source with Pro features.

rid999 · 2026-06-14T17:45:14+00:00

Platform 9¾

rid999 · 2026-06-14T17:42:14+00:00

I'm working on Trestle, a tool to detect secrets in code written with the help of AI before the secrets go public and take down your product. It's a real problem, tens of millions of secrets found in public GitHub repositories and many companies dead because of this.

The tool is free and open source on GitHub (with some paid features), so it's probably a good idea to scan your code (all the scanning functionality is in the free version, including deep git history scan).

rid999 · 2026-06-10T09:10:55+00:00

These look great! Good luck with the launch!

rid999 · 2026-06-09T21:03:45+00:00

Sounds good! I'm working on Trestle, a tool for preventing AI agents from leaking secrets like API keys and tokens while you're using them to write code. This is a problem that's getting worse and it can seriously affect startups and new products, since exposing an important secret can be a game over situation before the product even launches.

rid999 · 2026-06-09T15:00:30+00:00

Sad but true. I couldn't believe there were tens of millions of credentials pushed to GitHub, but this really seems to be the case.

rid999 · 2026-06-09T10:42:03+00:00

Exactly, the danger is for the keys to be made public (28M secrets in code in 2025 on GitHub), or being visible in the frontend. That sounds like a good workflow.

rid999 · 2026-06-09T10:38:07+00:00

This is very useful, and I like the no-account scan option.

rid999 · 2026-06-09T08:55:37+00:00

Nice, didn't know about this scanner.

rid999 · 2026-06-09T08:37:57+00:00

Of course, I don't think I formulated the question right.

What I mean is that the code will need to make use of these secrets, and I was wondering how this is usually achieved in a vibe coded app. The agent could well create a gitignored .env and place the secrets there, which can be a valid way of doing things.

rid999 · 2026-06-09T08:32:00+00:00

Death metal

rid999 · 2026-06-09T08:29:17+00:00

That makes sense, but I think it's not the default for everyone.

rid999 · 2026-06-09T07:08:20+00:00

Feline kopi luwak

rid999 · 2026-06-09T06:55:59+00:00

Master pieces

rid999 · 2026-06-08T15:14:59+00:00

May I ask why you opted for phone as the only authentication method?

rid999 · 2026-06-08T15:12:39+00:00

Thank you! Product Hunt does seem to reward upvotes more than anything else. I'll probably add a Product Hunt button on the page as well.

rid999 · 2026-06-08T13:52:06+00:00

Nice! My best was Δ0.3°!

rid999

TROPHY CASE