Nota: El administrador del sitio debe habilitar secret scanning para your GitHub Enterprise Server instance antes de que puedas utilizar esta característica. Para más información, consulta "Configuración de secret scanning para el dispositivo".
Secretos compatibles
Cuando los datos secret scanning está habilitado, GitHub examina los secretos emitidos por los siguientes proveedores de servicios.
Si el acceso a un recurso requiere credenciales emparejadas, la exploración de secretos creará una alerta solo cuando se detecten las dos partes del par en el mismo archivo. Esto garantiza que las fugas más críticas no queden ocultas detrás de la información sobre fugas parciales.
Si usas la API REST para el examen de secretos, puedes usar Secret type para informar sobre secretos de emisores específicos. Para obtener más información, consulta "Examen de secretos".
Nota: También puede definir patrones personalizados de secret scanning para el repositorio, la organización o la empresa. Para obtener más información, consulte "Definición de patrones personalizados para secret scanning".
| Provider | Supported secret | Secret type |
|---|---|---|
| Adafruit IO | Adafruit IO Key | adafruit_io_key |
| Adobe | Adobe Device Token | adobe_device_token |
| Adobe | Adobe Service Token | adobe_service_token |
| Adobe | Adobe Short-Lived Access Token | adobe_short_lived_access_token |
| Adobe | Adobe JSON Web Token | adobe_jwt |
| Alibaba Cloud | Alibaba Cloud Access Key ID with Alibaba Cloud Access Key Secret | alibaba_cloud_access_key_id alibaba_cloud_access_key_secret |
| Amazon | Amazon OAuth Client ID with Amazon OAuth Client Secret | amazon_oauth_client_id amazon_oauth_client_secret |
| Amazon Web Services (AWS) | Amazon AWS Access Key ID with Amazon AWS Secret Access Key | aws_access_key_id aws_secret_access_key |
| Amazon Web Services (AWS) | Amazon AWS Session Token with Amazon AWS Temporary Access Key ID and Amazon AWS Secret Access Key | aws_session_token aws_temporary_access_key_id aws_secret_access_key |
| Asana | Asana Personal Access Token | asana_personal_access_token |
| Atlassian | Atlassian API Token | atlassian_api_token |
| Atlassian | Atlassian JSON Web Token | atlassian_jwt |
| Atlassian | Bitbucket Server Personal Access Token | bitbucket_server_personal_access_token |
| Azure | Azure Active Directory Application Secret | azure_active_directory_application_secret |
| Azure | Azure Cache for Redis Access Key | azure_cache_for_redis_access_key |
| Azure | Azure DevOps Personal Access Token | azure_devops_personal_access_token |
| Azure | Azure SAS Token | azure_sas_token |
| Azure | Azure Service Management Certificate | azure_management_certificate |
| Azure | Azure Storage Account Key | azure_storage_account_key |
| Beamer | Beamer API Key | beamer_api_key |
| Checkout.com | Checkout.com Production Secret Key | checkout_production_secret_key |
| Checkout.com | Checkout.com Test Secret Key | checkout_test_secret_key |
| Clojars | Clojars Deploy Token | clojars_deploy_token |
| CloudBees CodeShip | CloudBees CodeShip Credential | codeship_credential |
| Contentful | Contentful Personal Access Token | contentful_personal_access_token |
| Databricks | Databricks Access Token | databricks_access_token |
| Discord | Discord Bot Token | discord_bot_token |
| Doppler | Doppler Personal Token | doppler_personal_token |
| Doppler | Doppler Service Token | doppler_service_token |
| Doppler | Doppler CLI Token | doppler_cli_token |
| Doppler | Doppler SCIM Token | doppler_scim_token |
| Doppler | Doppler Audit Token | doppler_audit_token |
| Dropbox | Dropbox Access Token | dropbox_access_token |
| Dropbox | Dropbox Short Lived Access Token | dropbox_short_lived_access_token |
| Duffel | Duffel Live Access Token | duffel_live_access_token |
| Duffel | Duffel Test Access Token | duffel_test_access_token |
| Dynatrace | Dynatrace Access Token | dynatrace_access_token |
| Dynatrace | Dynatrace Internal Token | dynatrace_internal_token |
| EasyPost | EasyPost Production API Key | easypost_production_api_key |
| EasyPost | EasyPost Test API Key | easypost_test_api_key |
| Fastly | Fastly API Token | fastly_api_token |
| Finicity | Finicity App Key | finicity_app_key |
| Flutterwave | Flutterwave Live API Secret Key | flutterwave_live_api_secret_key |
| Flutterwave | Flutterwave Test API Secret Key | flutterwave_test_api_secret_key |
| Frame.io | Frame.io JSON Web Token | frameio_jwt |
| Frame.io | Frame.io Developer Token | frameio_developer_token |
| FullStory | FullStory API Key | fullstory_api_key |
| GitHub | GitHub Personal Access Token | github_personal_access_token |
| GitHub | GitHub OAuth Access Token | github_oauth_access_token |
| GitHub | GitHub Refresh Token | github_refresh_token |
| GitHub | GitHub App Installation Access Token | github_app_installation_access_token |
| GitHub | GitHub SSH Private Key | github_ssh_private_key |
| GitLab | GitLab Access Token | gitlab_access_token |
| GoCardless | GoCardless Live Access Token | gocardless_live_access_token |
| GoCardless | GoCardless Sandbox Access Token | gocardless_sandbox_access_token |
| Firebase Cloud Messaging Server Key | firebase_cloud_messaging_server_key | |
| Google API Key | google_api_key | |
| Google Cloud Private Key ID | ||
| Google Cloud Storage Service Account Access Key ID with Google Cloud Storage Access Key Secret | google_cloud_storage_service_account_access_key_id google_cloud_storage_access_key_secret | |
| Google Cloud Storage User Access Key ID with Google Cloud Storage Access Key Secret | google_cloud_storage_user_access_key_id google_cloud_storage_access_key_secret | |
| Google OAuth Access Token | google_oauth_access_token | |
| Google OAuth Client ID with Google OAuth Client Secret | google_oauth_client_id google_oauth_client_secret | |
| Google OAuth Refresh Token | google_oauth_refresh_token | |
| Grafana | Grafana API Key | grafana_api_key |
| HashiCorp | Terraform Cloud / Enterprise API Token | terraform_api_token |
| HashiCorp | HashiCorp Vault Batch Token | hashicorp_vault_batch_token |
| HashiCorp | HashiCorp Vault Service Token | hashicorp_vault_service_token |
| Hubspot | Hubspot API Key | hubspot_api_key |
| Intercom | Intercom Access Token | intercom_access_token |
| Ionic | Ionic Personal Access Token | ionic_personal_access_token |
| Ionic | Ionic Refresh Token | ionic_refresh_token |
| JFrog | JFrog Platform Access Token | jfrog_platform_access_token |
| JFrog | JFrog Platform API Key | jfrog_platform_api_key |
| Linear | Linear API Key | linear_api_key |
| Linear | Linear OAuth Access Token | linear_oauth_access_token |
| Lob | Lob Live API Key | lob_live_api_key |
| Lob | Lob Test API Key | lob_test_api_key |
| Mailchimp | Mailchimp API Key | mailchimp_api_key |
| Mailgun | Mailgun API Key | mailgun_api_key |
| Mapbox | Mapbox Secret Access Token | mapbox_secret_access_token |
| MessageBird | MessageBird API Key | messagebird_api_key |
| Meta | Facebook Access Token | facebook_access_token |
| Midtrans | Midtrans Production Server Key | midtrans_production_server_key |
| Midtrans | Midtrans Sandbox Server Key | midtrans_sandbox_server_key |
| New Relic | New Relic Personal API Key | new_relic_personal_api_key |
| New Relic | New Relic REST API Key | new_relic_rest_api_key |
| New Relic | New Relic Insights Query Key | new_relic_insights_query_key |
| New Relic | New Relic License Key | new_relic_license_key |
| Notion | Notion Integration Token | notion_integration_token |
| Notion | Notion OAuth Client Secret | notion_oauth_client_secret |
| npm | npm Access Token | npm_access_token |
| NuGet | NuGet API Key | nuget_api_key |
| Octopus Deploy | Octopus Deploy API Key | octopus_deploy_api_key |
| Onfido | Onfido Live API Token | onfido_live_api_token |
| Onfido | Onfido Sandbox API Token | onfido_sandbox_api_token |
| OpenAI | OpenAI API Key | openai_api_key |
| Palantir | Palantir JSON Web Token | palantir_jwt |
| PlanetScale | PlanetScale Database Password | planetscale_database_password |
| PlanetScale | PlanetScale OAuth Token | planetscale_oauth_token |
| PlanetScale | PlanetScale Service Token | planetscale_service_token |
| Plivo | Plivo Auth ID with Plivo Auth Token | plivo_auth_id plivo_auth_token |
| Postman | Postman API Key | postman_api_key |
| Proctorio | Proctorio Consumer Key | proctorio_consumer_key |
| Proctorio | Proctorio Linkage Key | proctorio_linkage_key |
| Proctorio | Proctorio Registration Key | proctorio_registration_key |
| Proctorio | Proctorio Secret Key | proctorio_secret_key |
| Pulumi | Pulumi Access Token | pulumi_access_token |
| PyPI | PyPI API Token | pypi_api_token |
| RubyGems | RubyGems API Key | rubygems_api_key |
| Samsara | Samsara API Token | samsara_api_token |
| Samsara | Samsara OAuth Access Token | samsara_oauth_access_token |
| SendGrid | SendGrid API Key | sendgrid_api_key |
| Sendinblue | Sendinblue API Key | sendinblue_api_key |
| Sendinblue | Sendinblue SMTP Key | sendinblue_smtp_key |
| Shippo | Shippo Live API Token | shippo_live_api_token |
| Shippo | Shippo Test API Token | shippo_test_api_token |
| Shopify | Shopify App Shared Secret | shopify_app_shared_secret |
| Shopify | Shopify Access Token | shopify_access_token |
| Shopify | Shopify Custom App Access Token | shopify_custom_app_access_token |
| Shopify | Shopify Private App Password | shopify_private_app_password |
| Slack | Slack API Token | slack_api_token |
| Slack | Slack Incoming Webhook URL | slack_incoming_webhook_url |
| Slack | Slack Workflow Webhook URL | slack_workflow_webhook_url |
| Square | Square Access Token | square_access_token |
| Square | Square Production Application Secret | square_production_application_secret |
| Square | Square Sandbox Application Secret | square_sandbox_application_secret |
| SSLMate | SSLMate API Key | sslmate_api_key |
| SSLMate | SSLMate Cluster Secret | sslmate_cluster_secret |
| Stripe | Stripe API Key | stripe_api_key |
| Stripe | Stripe Live API Secret Key | stripe_live_secret_key |
| Stripe | Stripe Test API Secret Key | stripe_test_secret_key |
| Stripe | Stripe Live API Restricted Key | stripe_live_restricted_key |
| Stripe | Stripe Test API Restricted Key | stripe_test_restricted_key |
| Stripe | Stripe Webhook Signing Secret | stripe_webhook_signing_secret |
| Supabase | Supabase Service Key | supabase_service_key |
| Tableau | Tableau Personal Access Token | tableau_personal_access_token |
| Telegram | Telegram Bot Token | telegram_bot_token |
| Tencent Cloud | Tencent Cloud Secret ID | tencent_cloud_secret_id |
| Twilio | Twilio Access Token | twilio_access_token |
| Twilio | Twilio Account String Identifier | twilio_account_sid |
| Twilio | Twilio API Key | twilio_api_key |
| Typeform | Typeform Personal Access Token | typeform_personal_access_token |
| Yandex | Yandex.Cloud API Key | yandex_cloud_api_key |
| Yandex | Yandex.Cloud IAM Cookie | yandex_cloud_iam_cookie |
| Yandex | Yandex.Cloud IAM Token | yandex_cloud_iam_token |
| Yandex | Yandex.Dictionary API Key | yandex_dictionary_api_key |
| Yandex | Yandex.Predictor API Key | yandex_predictor_api_key |
| Yandex | Yandex.Translate API Key | yandex_translate_api_key |
Información adicional
- "Protección del repositorio"
- "Protección de la cuenta y los datos"
- "Programa de asociados de Secret scanning" en la documentación de GitHub Enterprise Cloud