Skip to main content

This version of GitHub Enterprise will be discontinued on 2022-06-03. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise. For help with the upgrade, contact GitHub Enterprise support.

Secret scanning patterns

Lists of supported secrets and the partners that GitHub works with to prevent fraudulent use of secrets that were committed accidentally.

Secret scanning is available for organization-owned repositories in GitHub Enterprise Server if your enterprise has a license for GitHub Advanced Security. For more information, see "GitHub's products."

Note: Your site administrator must enable secret scanning for your GitHub Enterprise Server instance before you can use this feature. For more information, see "Configuring secret scanning for your appliance."

Supported secrets

When secret scanning is enabled, GitHub scans for secrets issued by the following service providers.

If you use the REST API for secret scanning, you can use the Secret type to report on secrets from specific issuers. For more information, see "Secret scanning."

ProviderSupported secretSecret type
Adafruit IOAdafruit IO Keyadafruit_io_key
Alibaba CloudAlibaba Cloud Access Key IDalibaba_cloud_access_key_id
Alibaba CloudAlibaba Cloud Access Key Secretalibaba_cloud_access_key_secret
Amazon Web Services (AWS)Amazon AWS Access Key IDaws_access_key_id
Amazon Web Services (AWS)Amazon AWS Secret Access Keyaws_secret_access_key
AtlassianAtlassian API Tokenatlassian_api_token
AtlassianAtlassian JSON Web Tokenatlassian_jwt
AzureAzure DevOps Personal Access Tokenazure_devops_personal_access_token
AzureAzure SAS Tokenazure_sas_token
AzureAzure Service Management Certificateazure_management_certificate
AzureAzure SQL Connection Stringazure_sql_connection_string
AzureAzure Storage Account Keyazure_storage_account_key
ClojarsClojars Deploy Tokenclojars_deploy_token
DatabricksDatabricks Access Tokendatabricks_access_token
DiscordDiscord Bot Tokendiscord_bot_token
DopplerDoppler Personal Tokendoppler_personal_token
DopplerDoppler Service Tokendoppler_service_token
DopplerDoppler CLI Tokendoppler_cli_token
DopplerDoppler SCIM Tokendoppler_scim_token
DropboxDropbox Access Tokendropbox_access_token
DropboxDropbox Short Lived Access Tokendropbox_short_lived_access_token
DynatraceDynatrace Access Tokendynatrace_access_token
DynatraceDynatrace Internal Tokendynatrace_internal_token
FinicityFinicity App Keyfinicity_app_key
Frame.ioFrame.io JSON Web Tokenframeio_jwt
Frame.ioFrame.io Developer Tokenframeio_developer_token
GitHubGitHub SSH Private Keygithub_ssh_private_key
GoCardlessGoCardless Live Access Tokengocardless_live_access_token
GoCardlessGoCardless Sandbox Access Tokengocardless_sandbox_access_token
GoogleGoogle API Keygoogle_api_key
GoogleGoogle Cloud Private Key IDgoogle_cloud_private_key_id
HashiCorpTerraform Cloud / Enterprise API Tokenterraform_api_token
HashiCorpHashiCorp Vault Batch Tokenhashicorp_vault_batch_token
HashiCorpHashiCorp Vault Service Tokenhashicorp_vault_service_token
HubspotHubspot API Keyhubspot_api_key
MailchimpMailchimp API Keymailchimp_api_key
MailgunMailgun API Keymailgun_api_key
npmnpm Access Tokennpm_access_token
NuGetNuGet API Keynuget_api_key
PalantirPalantir JSON Web Tokenpalantir_jwt
PostmanPostman API Keypostman_api_key
ProctorioProctorio Consumer Keyproctorio_consumer_key
ProctorioProctorio Linkage Keyproctorio_linkage_key
ProctorioProctorio Registration Keyproctorio_registration_key
ProctorioProctorio Secret Keyproctorio_secret_key
PulumiPulumi Access Tokenpulumi_access_token
SamsaraSamsara API Tokensamsara_api_token
SamsaraSamsara OAuth Access Tokensamsara_oauth_access_token
ShopifyShopify App Shared Secretshopify_app_shared_secret
ShopifyShopify Access Tokenshopify_access_token
ShopifyShopify Custom App Access Tokenshopify_custom_app_access_token
ShopifyShopify Private App Passwordshopify_private_app_password
SlackSlack API Tokenslack_api_token
SlackSlack Incoming Webhook URLslack_incoming_webhook_url
SlackSlack Workflow Webhook URLslack_workflow_webhook_url
SSLMateSSLMate API Keysslmate_api_key
SSLMateSSLMate Cluster Secretsslmate_cluster_secret
StripeStripe API Keystripe_api_key
StripeStripe Live API Secret Keystripe_live_secret_key
StripeStripe Test API Secret Keystripe_test_secret_key
StripeStripe Live API Restricted Keystripe_live_restricted_key
StripeStripe Test API Restricted Keystripe_test_restricted_key
Tencent CloudTencent Cloud Secret IDtencent_cloud_secret_id
TwilioTwilio Account String Identifiertwilio_account_sid
TwilioTwilio API Keytwilio_api_key

Further reading