
Secret scanning patterns

Lists of supported secrets and the partners that GitHub works with to prevent fraudulent use of secrets that were committed accidentally.

Secret scanning for partner patterns is automatically run on public repositories in all products on GitHub.com. Secret scanning for advanced security is available for repositories owned by organizations that use GitHub Enterprise Cloud and have a license for GitHub Advanced Security. For more information, see "About GitHub Advanced Security."

About secret scanning patterns

GitHub maintains these different sets of secret scanning patterns:

  1. Partner patterns. Used to detect potential secrets in all public repositories. For details, see "Supported secrets for partner patterns."
  2. Advanced security patterns. Used to detect potential secrets in repositories with secret scanning enabled.

Organizations using GitHub Enterprise Cloud with GitHub Advanced Security can enable secret scanning for advanced security on their repositories. For details of these patterns, see the GitHub Enterprise Cloud documentation.

Supported secrets for partner patterns

GitHub currently scans public repositories for secrets issued by the following service providers and alerts the relevant service provider whenever a secret is detected in a commit. For more information about secret scanning for partner patterns, see "About secret scanning for partner patterns."

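If access to a resource requires paired credentials, secret scanning creates an alert only when both parts of the pair are detected in the same file. This ensures that the most critical leaks are not hidden behind information about partial leaks.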

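| Partner | Supported secret |
| --- | --- |
| Adafruit IO | Adafruit IO Key |
| Adobe | Adobe Device Token |
| Adobe | Adobe Service Token |
| Adobe | Adobe Short-Lived Access Token |
| Adobe | Adobe JSON Web Token |
| Alibaba Cloud | Alibaba Cloud Access Key ID and Access Key Secret pair |
| Amazon Web Services (AWS) | Amazon AWS Access Key ID and Secret Access Key pair |
| Atlassian | Atlassian API Token |
| Atlassian | Atlassian JSON Web Token |
| Azure | Azure Active Directory Application Secret |
| Azure | Azure Batch Key Identifiable |
| Azure | Azure CosmosDB Key Identifiable |
| Azure | Azure DevOps Personal Access Token |
| Azure | Azure ML Studio (classic) Web Service Key |
| Azure | Azure SAS Token |
| Azure | Azure Search Admin Key |
| Azure | Azure Search Query Key |
| Azure | Azure Service Management Certificate |
| Azure | Azure SQL Connection String |
| Azure | Azure Storage Account Key |
| Checkout.com | Checkout.com Production Secret Key |
| Checkout.com | Checkout.com Test Secret Key |
| Chief | Chief Tools Token |
| Clojars | Clojars Deploy Token |
| CloudBees CodeShip | CloudBees CodeShip Credential |
| Contributed Systems | Contributed Systems Credentials |
| Databricks | Databricks Access Token |
| Datadog | Datadog API Key |
| DevCycle | DevCycle Client API Key |
| DevCycle | DevCycle Server API Key |
| DigitalOcean | DigitalOcean Personal Access Token |
| DigitalOcean | DigitalOcean OAuth Token |
| DigitalOcean | DigitalOcean Refresh Token |
| DigitalOcean | DigitalOcean System Token |
| Discord | Discord Bot Token |
| Doppler | Doppler Personal Token |
| Doppler | Doppler Service Token |
| Doppler | Doppler CLI Token |
| Doppler | Doppler SCIM Token |
| Doppler | Doppler Audit Token |
| Dropbox | Dropbox Access Token |
| Dropbox | Dropbox Short-Lived Access Token |
| Dynatrace | Dynatrace Access Token |
| Dynatrace | Dynatrace Internal Token |
| Figma | Figma Personal Access Token |
| Finicity | Finicity App Key |
| Frame.io | Frame.io JSON Web Token |
| Frame.io | Frame.io Developer Token |
| FullStory | FullStory API Key |
| GitHub | GitHub Personal Access Token |
| GitHub | GitHub OAuth Access Token |
| GitHub | GitHub Refresh Token |
| GitHub | GitHub App Installation Access Token |
| GitHub | GitHub SSH Private Key |
| GoCardless | GoCardless Live Access Token |
| GoCardless | GoCardless Sandbox Access Token |
| Google Cloud | Google API Key |
| Google Cloud | Google Cloud Private Key ID |
| Hashicorp Terraform | Terraform Cloud / Enterprise API Token |
| Hubspot | Hubspot API Key |
| Hubspot | Hubspot API Personal Access Key |
| Ionic | Ionic Personal Access Token |
| Ionic | Ionic Refresh Token |
| JD Cloud | JD Cloud Access Key |
| Linear | Linear API Key |
| Linear | Linear OAuth Access Token |
| Mailchimp | Mailchimp API Key |
| Mailchimp | Mandrill API Key |
| Mailgun | Mailgun API Key |
| MessageBird | MessageBird API Key |
| Meta | Facebook Access Token |
| npm | npm Access Token |
| NuGet | NuGet API Key |
| Octopus Deploy | Octopus Deploy API Key |
| OpenAI | OpenAI API Key |
| Palantir | Palantir JSON Web Token |
| PlanetScale | PlanetScale Database Password |
| PlanetScale | PlanetScale OAuth Token |
| PlanetScale | PlanetScale Service Token |
| Plivo | Plivo Auth ID and Token |
| Postman | Postman API Key |
| Prefect | Prefect Server API Key |
| Prefect | Prefect User API Token |
| Proctorio | Proctorio Consumer Key |
| Proctorio | Proctorio Linkage Key |
| Proctorio | Proctorio Registration Key |
| Proctorio | Proctorio Secret Key |
| Pulumi | Pulumi Access Token |
| PyPI | PyPI API Token |
| ReadMe | ReadMe API Access Key |
| redirect.pizza | redirect.pizza API Token |
| RubyGems | RubyGems API Key |
| Samsara | Samsara API Token |
| Samsara | Samsara OAuth Access Token |
| SendGrid | SendGrid API Key |
| Sendinblue | Sendinblue API Key |
| Sendinblue | Sendinblue SMTP Key |
| Shopify | Shopify App Shared Secret |
| Shopify | Shopify Access Token |
| Shopify | Shopify Custom App Access Token |
| Shopify | Shopify Private App Password |
| Slack | Slack API Token |
| Slack | Slack Incoming Webhook URL |
| Slack | Slack Workflow Webhook URL |
| SSLMate | SSLMate API Key |
| SSLMate | SSLMate Cluster Secret |
| Stripe | Stripe Live API Secret Key |
| Stripe | Stripe Test API Secret Key |
| Stripe | Stripe Live API Restricted Key |
| Stripe | Stripe Test API Restricted Key |
| Supabase | Supabase Service Key |
| Tencent Cloud | Tencent Cloud Secret ID |
| Tencent WeChat | Tencent WeChat API App ID |
| Twilio | Twilio Account String Identifier |
| Twilio | Twilio API Key |
| Typeform | Typeform Personal Access Token |
| Uniwise | WISEflow API Key |
| Valour | Valour Access Token |
| Yandex | Yandex.Cloud API Key |
| Yandex | Yandex.Cloud IAM Cookie |
| Yandex | Yandex.Cloud IAM Token |
| Yandex | Yandex.Dictionary API Key |
| Yandex | Yandex.Cloud Access Secret |
| Yandex | Yandex.Passport OAuth Token |
| Zuplo | Zuplo Consumer API |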

Further reading