
Secret scanning patterns

Lists of supported secrets and the partners that GitHub works with to prevent fraudulent use of secrets that were committed accidentally.

Secret scanning for partner patterns is automatically run on public repositories in all products on GitHub.com. Secret scanning for advanced security is available for repositories owned by organizations that use GitHub Enterprise Cloud and have a license for GitHub Advanced Security. For more information, see "GitHub's products."

About secret scanning patterns

GitHub maintains two different sets of secret scanning patterns:

  1. Partner patterns. Used to detect potential secrets in all public repositories. For details, see "Supported secrets for partner patterns."
  2. Advanced security patterns. Used to detect potential secrets in repositories with secret scanning enabled.

Organizations using GitHub Enterprise Cloud with GitHub Advanced Security can enable secret scanning for advanced security on their repositories. For details of these patterns, see the GitHub Enterprise Cloud documentation.

Supported secrets for partner patterns

GitHub currently scans public repositories for secrets issued by the following service providers. For more information about secret scanning for partner patterns, see "About secret scanning for partner patterns."

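| Partner | Supported secret |
| --- | --- |
| Adafruit IO | Adafruit IO Key |
| Adobe | Adobe Device Token |
| Adobe | Adobe Service Token |
| Adobe | Adobe Short-Lived Access Token |
| Adobe | Adobe JSON Web Token |
| Alibaba Cloud | Alibaba Cloud Access Key ID and Access Key Secret pair |
| Amazon Web Services (AWS) | Amazon AWS Access Key ID and Secret Access Key pair |
| Atlassian | Atlassian API Token |
| Atlassian | Atlassian JSON Web Token |
| Azure | Azure Active Directory Application Secret |
| Azure | Azure DevOps Personal Access Token |
| Azure | Azure SAS Token |
| Azure | Azure Service Management Certificate |
| Azure | Azure SQL Connection String |
| Azure | Azure Storage Account Key |
| Checkout.com | Checkout.com Production Secret Key |
| Checkout.com | Checkout.com Test Secret Key |
| Clojars | Clojars Deploy Token |
| CloudBees CodeShip | CloudBees CodeShip Credential |
| Contributed Systems | Contributed Systems Credentials |
| Databricks | Databricks Access Token |
| Datadog | Datadog API Key |
| DigitalOcean | DigitalOcean Personal Access Token |
| DigitalOcean | DigitalOcean OAuth Token |
| DigitalOcean | DigitalOcean Refresh Token |
| DigitalOcean | DigitalOcean System Token |
| Discord | Discord Bot Token |
| Doppler | Doppler Personal Token |
| Doppler | Doppler Service Token |
| Doppler | Doppler CLI Token |
| Doppler | Doppler SCIM Token |
| Doppler | Doppler Audit Token |
| Dropbox | Dropbox Access Token |
| Dropbox | Dropbox Short-Lived Access Token |
| Dynatrace | Dynatrace Access Token |
| Dynatrace | Dynatrace Internal Token |
| Finicity | Finicity App Key |
| Frame.io | Frame.io JSON Web Token |
| Frame.io | Frame.io Developer Token |
| FullStory | FullStory API Key |
| GitHub | GitHub Personal Access Token |
| GitHub | GitHub OAuth Access Token |
| GitHub | GitHub Refresh Token |
| GitHub | GitHub App Installation Access Token |
| GitHub | GitHub SSH Private Key |
| GoCardless | GoCardless Live Access Token |
| GoCardless | GoCardless Sandbox Access Token |
| Google Cloud | Google API Key |
| Google Cloud | Google Cloud Private Key ID |
| Hashicorp Terraform | Terraform Cloud / Enterprise API Token |
| Hubspot | Hubspot API Key |
| Ionic | Ionic Personal Access Token |
| Ionic | Ionic Refresh Token |
| JD Cloud | JD Cloud Access Key |
| Linear | Linear API Key |
| Linear | Linear OAuth Access Token |
| Mailchimp | Mailchimp API Key |
| Mailchimp | Mandrill API Key |
| Mailgun | Mailgun API Key |
| MessageBird | MessageBird API Key |
| Meta | Facebook Access Token |
| npm | npm Access Token |
| NuGet | NuGet API Key |
| Octopus Deploy | Octopus Deploy API Key |
| OpenAI | OpenAI API Key |
| Palantir | Palantir JSON Web Token |
| PlanetScale | Planetscale Database Password |
| PlanetScale | Planetscale OAuth Token |
| PlanetScale | PlanetScale Service Token |
| Plivo | Plivo Auth ID and Token |
| Postman | Postman API Key |
| Proctorio | Proctorio Consumer Key |
| Proctorio | Proctorio Linkage Key |
| Proctorio | Proctorio Registration Key |
| Proctorio | Proctorio Secret Key |
| Pulumi | Pulumi Access Token |
| PyPI | PyPI API Token |
| RubyGems | RubyGems API Key |
| Samsara | Samsara API Token |
| Samsara | Samsara OAuth Access Token |
| SendGrid | SendGrid API Key |
| Sendinblue | SendinBlue API Key |
| Sendinblue | SendinBlue SMTP Key |
| Shopify | Shopify App Shared Secret |
| Shopify | Shopify Access Token |
| Shopify | Shopify Custom App Access Token |
| Shopify | Shopify Private App Password |
| Slack | Slack API Token |
| Slack | Slack Incoming Webhook URL |
| Slack | Slack Workflow Webhook URL |
| SSLMate | SSLMate API Key |
| SSLMate | SSLMate Cluster Secret |
| Stripe | Stripe Live API Secret Key |
| Stripe | Stripe Test API Secret Key |
| Stripe | Stripe Live API Restricted Key |
| Stripe | Stripe Test API Restricted Key |
| Supabase | Supabase Service Key |
| Tencent Cloud | Tencent Cloud Secret ID |
| Twilio | Twilio Account String Identifier |
| Twilio | Twilio API Key |
| Typeform | Typeform Personal Access Token |
| Valour | Valour Access Token |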

Further reading