Introduction

Oracle is the enterprise-grade tool for Verifying, Auditing, and Securing API infrastructure. We solve the critical problem of credential opacity—instantly determining if a key is active, what permissions it holds, and if it belongs to the service you think it does.

Designed for DevOps, Security Engineers, and Developers, Oracle parses complex environment files (`.env`), logs, and configs to provide a unified health report of your entire credential stack.

Key Features

Multi-Provider Support: Native validation for over 30+ services (AI, Cloud, Database, Infra).
Context-Aware Analysis: Detects mismatches between variable names (e.g., `OPENAI_KEY`) and legitimate key types (e.g., Google keys), preventing configuration drift.
Granular Error Reporting: Distinguishes between Invalid (401), Leaked/Inactive (403), and Quota Exceeded (429).
Smart Fallbacks: Automatically identifying cross-provider formats (e.g., Stripe/Clerk collisions, Google/Firebase/Gemini shared prefixes).

Supported Providers (28+)

Oracle supports a massive ecosystem of APIs, constantly updated.

AI & LLM Services

● OpenAI

● Anthropic

● Google Gemini

● Cohere

● Mistral

● Groq

● HuggingFace

Infrastructure & Cloud

● AWS

● Google Cloud

● Firebase

● Supabase

● Heroku

● Cloudinary

● Upstash

● Neon/Postgres

DevOps & Tools

● GitHub

● GitLab

● NPM

● Docker

● Pusher

● Shodan

Communication & Marketing

● Slack

● SendGrid

● Resend

● Mailgun

● MailChimp

● Twilio

● Telegram

Context-Aware Validation

Environment variables are often copy-pasted incorrectly. Oracle reads the context around your key.

# Bad Configuration Example GROQ_API_KEY="AIzaSyB..." <-- This is actually a Google Key! # Oracle Result: [WARNING] Google (Labeled Groq) "This key matches Google format, not Groq (gsk_...)."

Security Architecture

We employ a Zero-Trust, Zero-Retention architecture designed for maximum security.

Client-Side Encryption: Keys are encrypted with AES-256 GCM before leaving your browser. The plain-text key is never visible to the network.
Ephemeral Processing: Keys are decrypted in volatile memory (RAM) only for the microseconds required to validate them against the provider.
Immediate Sanitization: Variables holding credentials are strictly nullified and garbage-collected immediately after use.
No Persistence: We do not use a database for credentials. There are no logs, no caches, and no backups of your keys.

Legal & Terms of Service

1. Disclaimer of Warranty

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

2. Limitation of Liability

You expressly understand and agree that Oracle shall not be liable for any direct, indirect, incidental, special, consequential or exemplary damages, including but not limited to, damages for loss of profits, goodwill, use, data or other intangible losses resulting from the use or the inability to use the service.

3. Zero Retention Policy

Oracle operates on a strict "Zero Retention" basis. We do not store, log, or persist your API keys continuously. Keys are processed in-memory for the duration of the verification request and are immediately discarded.

While we employ industry-standard encryption (AES-256) for transmission, you acknowledge that you are using this service at your own risk. We serve as a passthrough verification tool only.

4. User Responsibility

You are solely responsible for the security of your API keys. We recommend rotating any keys that you believe may have been compromised, regardless of Oracle's verification results.