by blisterpeanuts 1000 days ago
You're right, but I was thinking of searching for known passwords. For example, if an Oracle db accessed by developers is tekla / tekla1234, then scan for the string "tekla1234". It should not exist in any file. If it exists in a file, then obviously that is a potential leak.

And where do you intend to store these "bad" passwords in order to scan??
Don’t be so mean to the guy.

One approach would be to have passwords of a known format, that are rotated frequently, and to verify that you’re not finding any strings matching those patterns saved to disk or in log files, etc.
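The known-format approach from the last comment, as an added example that is not part of the thread: the scanner matches on the format alone, so it needs no stored list of real passwords. The `svcpw_` prefix, the 24-character body and the CRC32 suffix are assumptions made up for this illustration.

```python
import re
import secrets
import string
import zlib
from pathlib import Path

# Assumed format (constructed for this example):
# "svcpw_" + 24 alphanumerics + 8 hex digits holding the CRC32 of the body.
PREFIX = "svcpw_"
ALPHABET = string.ascii_letters + string.digits
PATTERN = re.compile(r"svcpw_([A-Za-z0-9]{24})([0-9a-f]{8})(?![A-Za-z0-9])")

def _crc(body: str) -> str:
    return f"{zlib.crc32(body.encode()):08x}"

def new_password() -> str:
    """Generate a password in the recognisable format (used at rotation time)."""
    body = "".join(secrets.choice(ALPHABET) for _ in range(24))
    return PREFIX + body + _crc(body)

def find_leaks(text: str, source: str = "<text>"):
    """Return (source, line_no, redacted_match) for each well-formed password."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for m in PATTERN.finditer(line):
            body, check = m.groups()
            if _crc(body) == check:  # checksum rejects look-alike strings
                # Redact so the report does not become a second copy of the secret.
                hits.append((source, line_no, PREFIX + body[:4] + "****"))
    return hits

def scan_tree(root: str):
    """Run find_leaks over every readable file under root."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.is_file():
            try:
                text = path.read_text(errors="replace")
            except OSError:
                continue  # unreadable file: skip it, keep scanning
            hits.extend(find_leaks(text, str(path)))
    return hits

if __name__ == "__main__":
    pw = new_password()
    sample = f"connect ok\nuser=tekla password={pw}\n"  # constructed log lines
    for hit in find_leaks(sample, "app.log"):
        print(hit)
```
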