注: この機能を使用するには、サイト管理者が your GitHub Enterprise Server instance の secret scanning を有効にする必要があります。 詳しくは、「アプライアンスでの secret scanning の構成」をご覧ください。
でサポートされるシークレット
secret scanning が有効になっていると、GitHub は、次のサービス プロバイダーによって発行されたシークレットをスキャンします。
リソースへのアクセスにペアの資格情報が必要な場合は、ペアの両方の部分が同じファイルで検出された場合にのみ、シークレット スキャンによってアラートが作成されます。 これにより、最も重大なリークが部分リークに関する情報の背後に隠されないようにします。
secret scanning に REST API を使う場合は、Secret type を使って特定の発行者からのシークレットについて報告できます。 詳しくは、「secret scanning」をご覧ください。
注: リポジトリ、Organization、または Enterprise 用のカスタム secret scanning パターンを定義することもできます。 詳細については、「secret scanningのカスタム パターンの定義」を参照してください。
| Provider | Supported secret | Secret type |
|---|---|---|
| Adafruit IO | Adafruit IO Key | adafruit_io_key |
| Adobe | Adobe Device Token | adobe_device_token |
| Adobe | Adobe Service Token | adobe_service_token |
| Adobe | Adobe Short-Lived Access Token | adobe_short_lived_access_token |
| Adobe | Adobe JSON Web Token | adobe_jwt |
| Alibaba Cloud | Alibaba Cloud Access Key ID with Alibaba Cloud Access Key Secret | alibaba_cloud_access_key_id alibaba_cloud_access_key_secret |
| Amazon | Amazon OAuth Client ID with Amazon OAuth Client Secret | amazon_oauth_client_id amazon_oauth_client_secret |
| Amazon Web Services (AWS) | Amazon AWS Access Key ID with Amazon AWS Secret Access Key | aws_access_key_id aws_secret_access_key |
| Amazon Web Services (AWS) | Amazon AWS Session Token with Amazon AWS Temporary Access Key ID and Amazon AWS Secret Access Key | aws_session_token aws_temporary_access_key_id aws_secret_access_key |
| Asana | Asana Personal Access Token | asana_personal_access_token |
| Atlassian | Atlassian API Token | atlassian_api_token |
| Atlassian | Atlassian JSON Web Token | atlassian_jwt |
| Atlassian | Bitbucket Server Personal Access Token | bitbucket_server_personal_access_token |
| Azure | Azure Active Directory Application Secret | azure_active_directory_application_secret |
| Azure | Azure Cache for Redis Access Key | azure_cache_for_redis_access_key |
| Azure | Azure DevOps Personal Access Token | azure_devops_personal_access_token |
| Azure | Azure SAS Token | azure_sas_token |
| Azure | Azure Service Management Certificate | azure_management_certificate |
| Azure | Azure Storage Account Key | azure_storage_account_key |
| Beamer | Beamer API Key | beamer_api_key |
| Checkout.com | Checkout.com Production Secret Key | checkout_production_secret_key |
| Checkout.com | Checkout.com Test Secret Key | checkout_test_secret_key |
| Clojars | Clojars Deploy Token | clojars_deploy_token |
| CloudBees CodeShip | CloudBees CodeShip Credential | codeship_credential |
| Contentful | Contentful Personal Access Token | contentful_personal_access_token |
| Databricks | Databricks Access Token | databricks_access_token |
| DigitalOcean | DigitalOcean Personal Access Token | digitalocean_personal_access_token |
| DigitalOcean | DigitalOcean OAuth Token | digitalocean_oauth_token |
| DigitalOcean | DigitalOcean Refresh Token | digitalocean_refresh_token |
| DigitalOcean | DigitalOcean System Token | digitalocean_system_token |
| Discord | Discord Bot Token | discord_bot_token |
| Doppler | Doppler Personal Token | doppler_personal_token |
| Doppler | Doppler Service Token | doppler_service_token |
| Doppler | Doppler CLI Token | doppler_cli_token |
| Doppler | Doppler SCIM Token | doppler_scim_token |
| Doppler | Doppler Audit Token | doppler_audit_token |
| Dropbox | Dropbox Access Token | dropbox_access_token |
| Dropbox | Dropbox Short Lived Access Token | dropbox_short_lived_access_token |
| Duffel | Duffel Live Access Token | duffel_live_access_token |
| Duffel | Duffel Test Access Token | duffel_test_access_token |
| Dynatrace | Dynatrace Access Token | dynatrace_access_token |
| Dynatrace | Dynatrace Internal Token | dynatrace_internal_token |
| EasyPost | EasyPost Production API Key | easypost_production_api_key |
| EasyPost | EasyPost Test API Key | easypost_test_api_key |
| Fastly | Fastly API Token | fastly_api_token |
| Finicity | Finicity App Key | finicity_app_key |
| Flutterwave | Flutterwave Live API Secret Key | flutterwave_live_api_secret_key |
| Flutterwave | Flutterwave Test API Secret Key | flutterwave_test_api_secret_key |
| Frame.io | Frame.io JSON Web Token | frameio_jwt |
| Frame.io | Frame.io Developer Token | frameio_developer_token |
| FullStory | FullStory API Key | fullstory_api_key |
| GitHub | GitHub Personal Access Token | github_personal_access_token |
| GitHub | GitHub OAuth Access Token | github_oauth_access_token |
| GitHub | GitHub Refresh Token | github_refresh_token |
| GitHub | GitHub App Installation Access Token | github_app_installation_access_token |
| GitHub | GitHub SSH Private Key | github_ssh_private_key |
| GitLab | GitLab Access Token | gitlab_access_token |
| GoCardless | GoCardless Live Access Token | gocardless_live_access_token |
| GoCardless | GoCardless Sandbox Access Token | gocardless_sandbox_access_token |
| Firebase Cloud Messaging Server Key | firebase_cloud_messaging_server_key | |
| Google API Key | google_api_key | |
| Google Cloud Private Key ID | ||
| Google Cloud Storage Service Account Access Key ID with Google Cloud Storage Access Key Secret | google_cloud_storage_service_account_access_key_id google_cloud_storage_access_key_secret | |
| Google Cloud Storage User Access Key ID with Google Cloud Storage Access Key Secret | google_cloud_storage_user_access_key_id google_cloud_storage_access_key_secret | |
| Google OAuth Access Token | google_oauth_access_token | |
| Google OAuth Client ID with Google OAuth Client Secret | google_oauth_client_id google_oauth_client_secret | |
| Google OAuth Refresh Token | google_oauth_refresh_token | |
| Grafana | Grafana API Key | grafana_api_key |
| HashiCorp | Terraform Cloud / Enterprise API Token | terraform_api_token |
| HashiCorp | HashiCorp Vault Batch Token | hashicorp_vault_batch_token |
| HashiCorp | HashiCorp Vault Service Token | hashicorp_vault_service_token |
| Hubspot | Hubspot API Key | hubspot_api_key |
| Intercom | Intercom Access Token | intercom_access_token |
| Ionic | Ionic Personal Access Token | ionic_personal_access_token |
| Ionic | Ionic Refresh Token | ionic_refresh_token |
| JD Cloud | JD Cloud Access Key | jd_cloud_access_key |
| JFrog | JFrog Platform Access Token | jfrog_platform_access_token |
| JFrog | JFrog Platform API Key | jfrog_platform_api_key |
| Linear | Linear API Key | linear_api_key |
| Linear | Linear OAuth Access Token | linear_oauth_access_token |
| Lob | Lob Live API Key | lob_live_api_key |
| Lob | Lob Test API Key | lob_test_api_key |
| Mailchimp | Mailchimp API Key | mailchimp_api_key |
| Mailgun | Mailgun API Key | mailgun_api_key |
| Mapbox | Mapbox Secret Access Token | mapbox_secret_access_token |
| MessageBird | MessageBird API Key | messagebird_api_key |
| Meta | Facebook Access Token | facebook_access_token |
| Midtrans | Midtrans Production Server Key | midtrans_production_server_key |
| Midtrans | Midtrans Sandbox Server Key | midtrans_sandbox_server_key |
| New Relic | New Relic Personal API Key | new_relic_personal_api_key |
| New Relic | New Relic REST API Key | new_relic_rest_api_key |
| New Relic | New Relic Insights Query Key | new_relic_insights_query_key |
| New Relic | New Relic License Key | new_relic_license_key |
| Notion | Notion Integration Token | notion_integration_token |
| Notion | Notion OAuth Client Secret | notion_oauth_client_secret |
| npm | npm Access Token | npm_access_token |
| NuGet | NuGet API Key | nuget_api_key |
| Octopus Deploy | Octopus Deploy API Key | octopus_deploy_api_key |
| Onfido | Onfido Live API Token | onfido_live_api_token |
| Onfido | Onfido Sandbox API Token | onfido_sandbox_api_token |
| OpenAI | OpenAI API Key | openai_api_key |
| Palantir | Palantir JSON Web Token | palantir_jwt |
| PlanetScale | PlanetScale Database Password | planetscale_database_password |
| PlanetScale | PlanetScale OAuth Token | planetscale_oauth_token |
| PlanetScale | PlanetScale Service Token | planetscale_service_token |
| Plivo | Plivo Auth ID with Plivo Auth Token | plivo_auth_id plivo_auth_token |
| Postman | Postman API Key | postman_api_key |
| Proctorio | Proctorio Consumer Key | proctorio_consumer_key |
| Proctorio | Proctorio Linkage Key | proctorio_linkage_key |
| Proctorio | Proctorio Registration Key | proctorio_registration_key |
| Proctorio | Proctorio Secret Key | proctorio_secret_key |
| Pulumi | Pulumi Access Token | pulumi_access_token |
| PyPI | PyPI API Token | pypi_api_token |
| RubyGems | RubyGems API Key | rubygems_api_key |
| Samsara | Samsara API Token | samsara_api_token |
| Samsara | Samsara OAuth Access Token | samsara_oauth_access_token |
| Segment | Segment Public API Token | segment_public_api_token |
| SendGrid | SendGrid API Key | sendgrid_api_key |
| Sendinblue | Sendinblue API Key | sendinblue_api_key |
| Sendinblue | Sendinblue SMTP Key | sendinblue_smtp_key |
| Shippo | Shippo Live API Token | shippo_live_api_token |
| Shippo | Shippo Test API Token | shippo_test_api_token |
| Shopify | Shopify App Client Credentials | shopify_app_client_credentials |
| Shopify | Shopify App Client Secret | shopify_app_client_secret |
| Shopify | Shopify App Shared Secret | shopify_app_shared_secret |
| Shopify | Shopify Access Token | shopify_access_token |
| Shopify | Shopify Custom App Access Token | shopify_custom_app_access_token |
| Shopify | Shopify Merchant Token | shopify_merchant_token |
| Shopify | Shopify Marketplace Token | shopify_marketplace_token |
| Shopify | Shopify Partner API Token | shopify_partner_api_token |
| Shopify | Shopify Private App Password | shopify_private_app_password |
| Slack | Slack API Token | slack_api_token |
| Slack | Slack Incoming Webhook URL | slack_incoming_webhook_url |
| Slack | Slack Workflow Webhook URL | slack_workflow_webhook_url |
| Square | Square Access Token | square_access_token |
| Square | Square Production Application Secret | square_production_application_secret |
| Square | Square Sandbox Application Secret | square_sandbox_application_secret |
| SSLMate | SSLMate API Key | sslmate_api_key |
| SSLMate | SSLMate Cluster Secret | sslmate_cluster_secret |
| Stripe | Stripe API Key | stripe_api_key |
| Stripe | Stripe Live API Secret Key | stripe_live_secret_key |
| Stripe | Stripe Test API Secret Key | stripe_test_secret_key |
| Stripe | Stripe Live API Restricted Key | stripe_live_restricted_key |
| Stripe | Stripe Test API Restricted Key | stripe_test_restricted_key |
| Stripe | Stripe Webhook Signing Secret | stripe_webhook_signing_secret |
| Supabase | Supabase Service Key | supabase_service_key |
| Tableau | Tableau Personal Access Token | tableau_personal_access_token |
| Telegram | Telegram Bot Token | telegram_bot_token |
| Tencent Cloud | Tencent Cloud Secret ID | tencent_cloud_secret_id |
| Twilio | Twilio Access Token | twilio_access_token |
| Twilio | Twilio Account String Identifier | twilio_account_sid |
| Twilio | Twilio API Key | twilio_api_key |
| Typeform | Typeform Personal Access Token | typeform_personal_access_token |
| WorkOS | WorkOS Production API Key | workos_production_api_key |
| WorkOS | WorkOS Staging API Key | workos_staging_api_key |
| Yandex | Yandex.Cloud API Key | yandex_cloud_api_key |
| Yandex | Yandex.Cloud IAM Cookie | yandex_cloud_iam_cookie |
| Yandex | Yandex.Cloud IAM Token | yandex_cloud_iam_token |
| Yandex | Yandex.Dictionary API Key | yandex_dictionary_api_key |
| Yandex | Yandex.Cloud Access Secret | yandex_iam_access_secret |
| Yandex | Yandex.Predictor API Key | yandex_predictor_api_key |
| Yandex | Yandex.Translate API Key | yandex_translate_api_key |
プッシュ保護でサポートされるシークレット
プッシュ保護として Secret scanning は、現在、次のサービス プロバイダーによって発行されたシークレットのリポジトリをスキャンします。
リソースへのアクセスにペアの資格情報が必要な場合は、ペアの両方の部分が同じファイルで検出された場合にのみ、シークレット スキャンによってアラートが作成されます。 これにより、最も重大なリークが部分リークに関する情報の背後に隠されないようにします。
| Provider | Supported secret | Secret type |
|---|---|---|
| Adafruit IO | Adafruit IO Key | adafruit_io_key |
| Alibaba Cloud | Alibaba Cloud Access Key ID with Alibaba Cloud Access Key Secret | alibaba_cloud_access_key_id alibaba_cloud_access_key_secret |
| Amazon | Amazon OAuth Client ID with Amazon OAuth Client Secret | amazon_oauth_client_id amazon_oauth_client_secret |
| Amazon Web Services (AWS) | Amazon AWS Access Key ID with Amazon AWS Secret Access Key | aws_access_key_id aws_secret_access_key |
| Amazon Web Services (AWS) | Amazon AWS Session Token with Amazon AWS Temporary Access Key ID and Amazon AWS Secret Access Key | aws_session_token aws_temporary_access_key_id aws_secret_access_key |
| Asana | Asana Personal Access Token | asana_personal_access_token |
| Atlassian | Bitbucket Server Personal Access Token | bitbucket_server_personal_access_token |
| Azure | Azure Active Directory Application Secret | azure_active_directory_application_secret |
| Azure | Azure Cache for Redis Access Key | azure_cache_for_redis_access_key |
| Azure | Azure DevOps Personal Access Token | azure_devops_personal_access_token |
| Checkout.com | Checkout.com Production Secret Key | checkout_production_secret_key |
| Clojars | Clojars Deploy Token | clojars_deploy_token |
| Databricks | Databricks Access Token | databricks_access_token |
| DigitalOcean | DigitalOcean Personal Access Token | digitalocean_personal_access_token |
| DigitalOcean | DigitalOcean OAuth Token | digitalocean_oauth_token |
| DigitalOcean | DigitalOcean Refresh Token | digitalocean_refresh_token |
| DigitalOcean | DigitalOcean System Token | digitalocean_system_token |
| Discord | Discord Bot Token | discord_bot_token |
| Doppler | Doppler Personal Token | doppler_personal_token |
| Doppler | Doppler Service Token | doppler_service_token |
| Doppler | Doppler CLI Token | doppler_cli_token |
| Doppler | Doppler SCIM Token | doppler_scim_token |
| Doppler | Doppler Audit Token | doppler_audit_token |
| Dropbox | Dropbox Short Lived Access Token | dropbox_short_lived_access_token |
| Duffel | Duffel Live Access Token | duffel_live_access_token |
| EasyPost | EasyPost Production API Key | easypost_production_api_key |
| Flutterwave | Flutterwave Live API Secret Key | flutterwave_live_api_secret_key |
| Fullstory | FullStory API Key | fullstory_api_key |
| GitHub | GitHub Personal Access Token | github_personal_access_token |
| GitHub | GitHub OAuth Access Token | github_oauth_access_token |
| GitHub | GitHub Refresh Token | github_refresh_token |
| GitHub | GitHub App Installation Access Token | github_app_installation_access_token |
| GitHub | GitHub SSH Private Key | github_ssh_private_key |
| Google Cloud Storage Service Account Access Key ID with Google Cloud Storage Access Key Secret | google_cloud_storage_service_account_access_key_id google_cloud_storage_access_key_secret | |
| Google Cloud Storage User Access Key ID with Google Cloud Storage Access Key Secret | google_cloud_storage_user_access_key_id google_cloud_storage_access_key_secret | |
| Google OAuth Client ID with Google OAuth Client Secret | google_oauth_client_id google_oauth_client_secret | |
| Grafana | Grafana API Key | grafana_api_key |
| Hubspot | Hubspot API Key | hubspot_api_key |
| Intercom | Intercom Access Token | intercom_access_token |
| Ionic | Ionic Personal Access Token | ionic_personal_access_token |
| Ionic | Ionic Refresh Token | ionic_refresh_token |
| Linear | Linear API Key | linear_api_key |
| Linear | Linear OAuth Access Token | linear_oauth_access_token |
| Midtrans | Midtrans Production Server Key | midtrans_production_server_key |
| New Relic | New Relic Personal API Key | new_relic_personal_api_key |
| New Relic | New Relic REST API Key | new_relic_rest_api_key |
| New Relic | New Relic Insights Query Key | new_relic_insights_query_key |
| npm | npm Access Token | npm_access_token |
| NuGet | NuGet API Key | nuget_api_key |
| Onfido | Onfido Live API Token | onfido_live_api_token |
| OpenAI | OpenAI API Key | openai_api_key |
| PlanetScale | PlanetScale Database Password | planetscale_database_password |
| PlanetScale | PlanetScale OAuth Token | planetscale_oauth_token |
| PlanetScale | PlanetScale Service Token | planetscale_service_token |
| Postman | Postman API Key | postman_api_key |
| Proctorio | Proctorio Secret Key | proctorio_secret_key |
| Samsara | Samsara API Token | samsara_api_token |
| Samsara | Samsara OAuth Access Token | samsara_oauth_access_token |
| SendGrid | SendGrid API Key | sendgrid_api_key |
| Sendinblue | Sendinblue API Key | sendinblue_api_key |
| Sendinblue | Sendinblue SMTP Key | sendinblue_smtp_key |
| Shippo | Shippo Live API Token | shippo_live_api_token |
| Shopify | Shopify App Shared Secret | shopify_app_shared_secret |
| Shopify | Shopify Access Token | shopify_access_token |
| Slack | Slack API Token | slack_api_token |
| Stripe | Stripe Live API Secret Key | stripe_api_key |
| Tencent Cloud | Tencent Cloud Secret ID | tencent_cloud_secret_id |
| Typeform | Typeform Personal Access Token | typeform_personal_access_token |
| WorkOS | WorkOS Production API Key | workos_production_api_key |
参考資料
- 「リポジトリの保護」
- 「アカウントとデータを安全に保つ」
- Secret scanning パートナー プログラム (GitHub Enterprise Cloud ドキュメント)