diff --git a/bot/reviewbot/tools/rbcredentialchecker.py b/bot/reviewbot/tools/rbcredentialchecker.py
new file mode 100644
index 0000000000000000000000000000000000000000..8878a99205f10467d82e4f88499637d22c0368a3
--- /dev/null
+++ b/bot/reviewbot/tools/rbcredentialchecker.py
@@ -0,0 +1,108 @@
+"""Review Bot tool to check for hard-coded security credentials."""
+
+from __future__ import unicode_literals
+
+import re
+
+from reviewbot.tools import Tool
+
+
+class CredentialCheckerTool(Tool):
+    """Review Bot tool to check for hard-coded security credentials."""
+
+    name = 'Credential Checker'
+    version = '1.0'
+    description = ('Review Bot tool to check for hard-coded security '
+                   'credentials.')
+    timeout = 60
+
+    def __init__(self):
+        """Initialize the tool."""
+        super(CredentialCheckerTool, self).__init__()
+        self.pattern = re.compile(
+            rb"""(
+
+            # AWS Access Key
+            ((A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|
+            ANVA|ASIA)[A-Z0-9]{16})
+            |
+
+            # AWS MWS Key
+            (amzn.mws.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}
+            -[0-9a-f]{4}-[0-9a-f]{12})
+            |
+
+            # AWS Secret Key
+            (AWS.*[0-9A-Z/+]{40})
+            |
+
+            # Facebook Access Token
+            (EAACEdEose0cBA[0-9A-Za-z]+)
+            |
+
+            # GitHub OAuth
+            (GITHUB.*[0-9a-zA-Z]{35,40})
+            |
+
+            # Google (GCP) Service-account
+            (\"type\": \"service_account\")
+            |
+
+            # Heroku API Key
+            (HEROKU.*[0-9A-F]{8}-
+            [0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A
+            -F]{12})
+            |
+
+            # PGP Private Key Block
+            (----BEGIN PGP PRIVATE KEY BLOCK----)
+            |
+
+            # RSA Private Key
+            (----BEGIN RSA PRIVATE KEY----)
+            |
+
+            # SSH(DSA) Private Key
+            (----BEGIN DSA PRIVATE KEY----)
+            |
+
+            # SSH(EC) Private Key
+            (----BEGIN EC PRIVATE KEY----)
+            |
+
+            # SSH(OPENSSH) Private Key
+            (----BEGIN OPENSSH PRIVATE KEY----)
+            |
+
+            # Slack Token
+            (xox[pboa]-[0-9]{12}-[0-9]{12}-[0-9]{12}
+            -[a-z0-9]{32})
+            |
+
+            # Twitter OAuth
+            (TWITTER.*[0-9a-zA-Z]{35,44})
+
+            )""", re.IGNORECASE | re.VERBOSE)
+
+    def handle_file(self, f, settings):
+        """Perform a review of a single file.
+
+        Args:
+            f (reviewbot.processing.review.File):
+                The file to process.
+
+            settings (dict):
+                Tool-specific settings.
+        """
+        patched_file_contents = f.patched_file_contents
+
+        if not patched_file_contents:
+            return
+
+        lines = patched_file_contents.splitlines()
+
+        for i, line in enumerate(lines):
+            if self.pattern.search(line):
+                f.comment(('This line appears to contain a hard-coded '
+                           'credential, which is a potential security '
+                           'risk.'), i + 1)
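Review bot: The five private-key alternatives in `self.pattern` can never match, because `re.VERBOSE` drops unescaped whitespace from the pattern, so `(----BEGIN RSA PRIVATE KEY----)` compiles to `----BEGINRSAPRIVATEKEY----`; the space after the colon in the GCP service-account alternative is dropped the same way, so only `"type":"service_account"` written without a space is caught. The Heroku alternative splits its last character class across two lines (`[0-9A` / `-F]`), and whitespace inside a class is kept under VERBOSE, so the class picks up the newline and a space-to-`F` range and accepts far more than hex digits. Escaping the spaces as `\ ` and keeping each character class on one line fixes both, as in the excerpt below; a unit test feeding one constructed sample line per credential type would keep this from regressing. Separately, if this file is meant to run on Python 2.7 (the `unicode_literals` import suggests so), the `rb"""` prefix is a syntax error there and should be `br"""`.

```python
        self.pattern = re.compile(
            rb"""(
            # … unchanged: AWS, Facebook and GitHub alternatives …

            # Google (GCP) Service-account
            (\"type\":\s*\"service_account\")
            |
            # Heroku API Key
            (HEROKU.*[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-
            [0-9A-F]{12})
            |
            # PGP Private Key Block
            (----BEGIN\ PGP\ PRIVATE\ KEY\ BLOCK----)
            |
            # RSA Private Key
            (----BEGIN\ RSA\ PRIVATE\ KEY----)
            |
            # SSH(DSA) Private Key
            (----BEGIN\ DSA\ PRIVATE\ KEY----)
            |
            # SSH(EC) Private Key
            (----BEGIN\ EC\ PRIVATE\ KEY----)
            |
            # SSH(OPENSSH) Private Key
            (----BEGIN\ OPENSSH\ PRIVATE\ KEY----)
            |
            # … unchanged: Slack and Twitter alternatives, closing paren and flags …
```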
diff --git a/bot/setup.py b/bot/setup.py
index 07764e4a52a729b4386dadc2efccd6d21d8ff9b4..10877c26fbf92fd51b2a4e718db5580e15641413 100755
--- a/bot/setup.py
+++ b/bot/setup.py
@@ -37,6 +37,7 @@ setup(
             'pycodestyle = reviewbot.tools.pycodestyle:PycodestyleTool',
             'pydocstyle = reviewbot.tools.pydocstyle:PydocstyleTool',
             'pyflakes = reviewbot.tools.pyflakes:PyflakesTool',
+            'rbcredentialchecker = reviewbot.tools.rbcredentialchecker:CredentialCheckerTool',
         ],
     },
     install_requires=[
diff --git a/docs/reviewbot/tools/index.rst b/docs/reviewbot/tools/index.rst
index 9f3721a291e735c01ee177fa22a9854b6abbcef2..d1bb2d5bbb23ecca855003fc7d7e4de34eba0c7b 100644
--- a/docs/reviewbot/tools/index.rst
+++ b/docs/reviewbot/tools/index.rst
@@ -19,3 +19,4 @@ Review Bot Tools
    pycodestyle
    pydocstyle
    pyflakes
+   rbcredentialchecker
diff --git a/docs/reviewbot/tools/rbcredentialchecker.rst b/docs/reviewbot/tools/rbcredentialchecker.rst
new file mode 100644
index 0000000000000000000000000000000000000000..4ce8df94e5a85e8b8a9322bc5a5a7981528c588c
--- /dev/null
+++ b/docs/reviewbot/tools/rbcredentialchecker.rst
@@ -0,0 +1,32 @@
+.. _tool-rbcredentialchecker:
+
+==================
+Credential Checker
+==================
+
+Credential Checker is a tool for Review Bot to check for hard-coded security
+credentials.
+
+
+Checks
+======
+
+Credential Checker uses regex patterns to match the credentials. The result
+might contain false positives.
+
+Currently, the following credential types could be detected:
+
+* AWS Access Key
+* AWS MWS Key
+* AWS Secret Key
+* Facebook Access Token
+* GitHub OAuth
+* Google (GCP) Service-account
+* Heroku API Key
+* PGP Private Key Block
+* RSA Private Key
+* SSH(DSA) Private Key
+* SSH(EC) Private Key
+* SSH(OPENSSH) Private Key
+* Slack Token
+* Twitter OAuth
\ No newline at end of file
