About secret scanning patterns
GitHub maintains these different sets of secret scanning patterns:
- Partner patterns. Used to detect potential secrets in all public repositories. For details, see "Supported secrets for partner patterns."
- Advanced security patterns. Used to detect potential secrets in repositories with secret scanning enabled.
Organizations using GitHub Enterprise Cloud with GitHub Advanced Security can enable secret scanning for advanced security on their repositories. For details of these patterns, see the GitHub Enterprise Cloud documentation.
Supported secrets for partner patterns
GitHub currently scans public repositories for secrets issued by the following service providers and alerts the relevant service provider whenever a secret is detected in a commit. For more information about secret scanning for partner patterns, see "About secret scanning for partner patterns."
如果访问资源需要配对的凭据,则只有在同一文件中检测到该配对的两个凭据时,机密扫描才会创建警报。 这可确保最关键的泄漏不会隐藏在有关部分泄漏的信息后面。
| Partner | 支持的密钥 |
|---|---|
| Adafruit IO | Adafruit IO 密钥 |
| Adobe | Adobe 设备令牌 |
| Adobe | Adobe 服务令牌 |
| Adobe | Adobe 短暂访问令牌 |
| Adobe | Adobe JSON Web 令牌 |
| Alibaba Cloud | Alibaba 云端访问密钥 ID 和访问密钥对 |
| Amazon Web Services (AWS) | Amazon AWS 访问密钥 ID 和秘密访问密钥对 |
| Atlassian | Atlassian API 令牌 |
| Atlassian | Atlassian JSON Web 令牌 |
| Azure | Azure Active Directory 应用程序密钥 |
| Azure | Azure Batch 可识别密钥 |
| Azure | Azure CosmosDB 可识别密钥 |
| Azure | Azure DevOps Personal Access Token |
| Azure | Azure ML 工作室(经典)Web 服务密钥 |
| Azure | Azure SAS 令牌 |
| Azure | Azure 搜索管理密钥 |
| Azure | Azure 搜索查询密钥 |
| Azure | Azure 服务管理证书 |
| Azure | Azure SQL 连接字符串 |
| Azure | Azure 存储帐户密钥 |
| Checkout.com | Checkout.com 生产密钥 |
| Checkout.com | Checkout.com 测试密钥 |
| Chief | Chief 工具令牌 |
| Clojars | Clojars 部署令牌 |
| CloudBees CodeShip | CloudBees CodeShip 凭据 |
| 参与的系统 | 参与的系统凭据 |
| Databricks | Databricks 访问令牌 |
| Datadog | Datadog API 密钥 |
| DevCycle | DevCycle 客户端 API 密钥 |
| DevCycle | DevCycle 服务器 API 密钥 |
| DigitalOcean | DigitalOcean Personal Access Token |
| DigitalOcean | DigitalOcean OAuth 令牌 |
| DigitalOcean | DigitalOcean 刷新令牌 |
| DigitalOcean | DigitalOcean 系统令牌 |
| Discord | Discord 自动程序令牌 |
| Doppler | Doppler 个人令牌 |
| Doppler | Doppler 服务令牌 |
| Doppler | Doppler CLI 令牌 |
| Doppler | Doppler SCIM 令牌 |
| Doppler | Doppler 审核令牌 |
| Dropbox | Dropbox 访问令牌 |
| Dropbox | Dropbox 短暂访问令牌 |
| Dynatrace | Dynatrace 访问令牌 |
| Dynatrace | Dynatrace 内部令牌 |
| Figma | Figma Personal Access Token |
| Finicity | Finicity App 密钥 |
| Frame.io | Frame.io JSON Web 令牌 |
| Frame.io | Frame.io Developer 令牌 |
| FullStory | FullStory API 密钥 |
| GitHub | GitHub Personal Access Token |
| GitHub | GitHub OAuth 访问令牌 |
| GitHub | GitHub 刷新令牌 |
| GitHub | GitHub App 安装访问令牌 |
| GitHub | GitHub SSH 私钥 |
| GoCardless | GoCardless 实时访问令牌 |
| GoCardless | GoCardless Sandbox 访问令牌 |
| Google Cloud | Google API 密钥 |
| Google Cloud | Google Cloud 私钥 ID |
| Hashicorp Terraform | Terraform Cloud / Enterprise API 令牌 |
| Hubspot | Hubspot API 密钥 |
| Hubspot | Hubspot API 个人访问密钥 |
| Ionic | Ionic Personal Access Token |
| Ionic | Ionic 刷新令牌 |
| JD Cloud | JD Cloud 访问密钥 |
| 线性 | 线性 API 密钥 |
| 线性 | 线性 OAuth 访问令牌 |
| Mailchimp | Mailchimp API 密钥 |
| Mailchimp | Mandril API 密钥 |
| Mailgun | Mailgun API 密钥 |
| MessageBird | MessageBird API 密钥 |
| 元数据 | Facebook Access Token |
| npm | npm 访问令牌 |
| NuGet | NuGet API 密钥 |
| Octopus 部署 | Octopus 部署 API 密钥 |
| OpenAI | OpenAI API 密钥 |
| Palantir | Palantir JSON Web 令牌 |
| PlanetScale | PlanetScale 数据库密码 |
| PlanetScale | PlanetScale OAuth 令牌 |
| PlanetScale | PlanetScale 服务令牌 |
| Plivo | Plivo 身份验证 ID 和令牌 |
| Postman | Postman API 密钥 |
| Prefect | Prefect 服务器 API 密钥 |
| Prefect | Prefect 用户 API 令牌 |
| Proctorio | Proctorio 消费者密钥 |
| Proctorio | Proctorio 链接密钥 |
| Proctorio | Proctorio 注册密钥 |
| Proctorio | Proctorio 密钥 |
| Pulumi | Pulumi 访问令牌 |
| PyPI | PyPI API 令牌 |
| ReadMe | ReadMe API 访问密钥 |
| redirect.pizza | redirect.pizza API 令牌 |
| RubyGems | RubyGems API 密钥 |
| Samsara | Samsara API 令牌 |
| Samsara | Samsara OAuth 访问令牌 |
| SendGrid | SendGrid API 密钥 |
| Sendinblue | Sendinblue API 密钥 |
| Sendinblue | Sendinblue SMTP 密钥 |
| Shopify | Shopify App 共享密钥 |
| Shopify | Shopify 访问令牌 |
| Shopify | Shopify 自定义应用访问令牌 |
| Shopify | Shopify 私人应用密码 |
| Slack | Slack API 令牌 |
| Slack | Slack 传入 web 挂钩 URL |
| Slack | Slack 工作流程 web 挂钩 URL |
| SSLMate | SSLMate API 密钥 |
| SSLMate | SSLMate 集群密钥 |
| Stripe | Stripe Live API 密钥 |
| Stripe | Stripe 测试 API 密钥 |
| Stripe | Stripe Live API 限制密钥 |
| Stripe | Stripe 测试 API 限制密钥 |
| Supabase | Supabase 服务密钥 |
| Tencent Cloud | 腾讯云密钥 ID |
| 腾讯微信 | 腾讯微信 API 应用 ID |
| Twilio | Twilio 帐户字符串标识符 |
| Twilio | Twilio API 密钥 |
| Typeform | Typeform Personal Access Token |
| Uniwise | WISEflow API 密钥 |
| Valour | Valour 访问令牌 |
| Yandex | Yandex.Cloud API 密钥 |
| Yandex | Yandex.Cloud IAM Cookie |
| Yandex | Yandex.Cloud IAM 令牌 |
| Yandex | Yandex.Dictionary API 密钥 |
| Yandex | Yandex.Cloud 访问机密 |
| Yandex | Yandex.Passport OAuth 令牌 |
| Zuplo | Zuplo 使用者 API |