Skip to main content

secret scanning パターン

サポートされているシークレットと、誤ってコミットされたシークレットの不正使用を防ぐために GitHub が連携するパートナーの一覧。

Secret scanning is available for organization-owned repositories in GitHub Enterprise Server if your enterprise has a license for GitHub Advanced Security. 詳細については、「GitHub Advanced Security について」を参照してください。

注: この機能を使用するには、サイト管理者が your GitHub Enterprise Server instance の secret scanning を有効にする必要があります。 詳しくは、「アプライアンスでの secret scanning の構成」をご覧ください。

でサポートされるシークレット

secret scanning が有効になっていると、GitHub は、次のサービス プロバイダーによって発行されたシークレットをスキャンします。

リソースへのアクセスにペアの資格情報が必要な場合は、ペアの両方の部分が同じファイルで検出された場合にのみ、シークレット スキャンによってアラートが作成されます。 これにより、最も重大なリークが部分リークに関する情報の背後に隠されないようにします。

secret scanning に REST API を使う場合は、Secret type を使って特定の発行者からのシークレットについて報告できます。 詳しくは、「secret scanning」をご覧ください。

注: リポジトリ、Organization、または Enterprise 用のカスタム secret scanning パターンを定義することもできます。 詳細については、「secret scanningのカスタム パターンの定義」を参照してください。

ProviderSupported secretSecret type
Adafruit IOAdafruit IO Keyadafruit_io_key
AdobeAdobe Device Tokenadobe_device_token
AdobeAdobe Service Tokenadobe_service_token
AdobeAdobe Short-Lived Access Tokenadobe_short_lived_access_token
AdobeAdobe JSON Web Tokenadobe_jwt
Alibaba CloudAlibaba Cloud Access Key ID with Alibaba Cloud Access Key Secretalibaba_cloud_access_key_id
alibaba_cloud_access_key_secret
AmazonAmazon OAuth Client ID with Amazon OAuth Client Secretamazon_oauth_client_id
amazon_oauth_client_secret
Amazon Web Services (AWS)Amazon AWS Access Key ID with Amazon AWS Secret Access Keyaws_access_key_id
aws_secret_access_key
Amazon Web Services (AWS)Amazon AWS Session Token with Amazon AWS Temporary Access Key ID and Amazon AWS Secret Access Keyaws_session_token
aws_temporary_access_key_id
aws_secret_access_key
AsanaAsana Personal Access Tokenasana_personal_access_token
AtlassianAtlassian API Tokenatlassian_api_token
AtlassianAtlassian JSON Web Tokenatlassian_jwt
AtlassianBitbucket Server Personal Access Tokenbitbucket_server_personal_access_token
AzureAzure Active Directory Application Secretazure_active_directory_application_secret
AzureAzure Cache for Redis Access Keyazure_cache_for_redis_access_key
AzureAzure DevOps Personal Access Tokenazure_devops_personal_access_token
AzureAzure SAS Tokenazure_sas_token
AzureAzure Service Management Certificateazure_management_certificate
AzureAzure Storage Account Keyazure_storage_account_key
BeamerBeamer API Keybeamer_api_key
Checkout.comCheckout.com Production Secret Keycheckout_production_secret_key
Checkout.comCheckout.com Test Secret Keycheckout_test_secret_key
ClojarsClojars Deploy Tokenclojars_deploy_token
CloudBees CodeShipCloudBees CodeShip Credentialcodeship_credential
ContentfulContentful Personal Access Tokencontentful_personal_access_token
DatabricksDatabricks Access Tokendatabricks_access_token
DigitalOceanDigitalOcean Personal Access Tokendigitalocean_personal_access_token
DigitalOceanDigitalOcean OAuth Tokendigitalocean_oauth_token
DigitalOceanDigitalOcean Refresh Tokendigitalocean_refresh_token
DigitalOceanDigitalOcean System Tokendigitalocean_system_token
DiscordDiscord Bot Tokendiscord_bot_token
DopplerDoppler Personal Tokendoppler_personal_token
DopplerDoppler Service Tokendoppler_service_token
DopplerDoppler CLI Tokendoppler_cli_token
DopplerDoppler SCIM Tokendoppler_scim_token
DopplerDoppler Audit Tokendoppler_audit_token
DropboxDropbox Access Tokendropbox_access_token
DropboxDropbox Short Lived Access Tokendropbox_short_lived_access_token
DuffelDuffel Live Access Tokenduffel_live_access_token
DuffelDuffel Test Access Tokenduffel_test_access_token
DynatraceDynatrace Access Tokendynatrace_access_token
DynatraceDynatrace Internal Tokendynatrace_internal_token
EasyPostEasyPost Production API Keyeasypost_production_api_key
EasyPostEasyPost Test API Keyeasypost_test_api_key
FastlyFastly API Tokenfastly_api_token
FinicityFinicity App Keyfinicity_app_key
FlutterwaveFlutterwave Live API Secret Keyflutterwave_live_api_secret_key
FlutterwaveFlutterwave Test API Secret Keyflutterwave_test_api_secret_key
Frame.ioFrame.io JSON Web Tokenframeio_jwt
Frame.ioFrame.io Developer Tokenframeio_developer_token
FullStoryFullStory API Keyfullstory_api_key
GitHubGitHub Personal Access Tokengithub_personal_access_token
GitHubGitHub OAuth Access Tokengithub_oauth_access_token
GitHubGitHub Refresh Tokengithub_refresh_token
GitHubGitHub App Installation Access Tokengithub_app_installation_access_token
GitHubGitHub SSH Private Keygithub_ssh_private_key
GitLabGitLab Access Tokengitlab_access_token
GoCardlessGoCardless Live Access Tokengocardless_live_access_token
GoCardlessGoCardless Sandbox Access Tokengocardless_sandbox_access_token
GoogleFirebase Cloud Messaging Server Keyfirebase_cloud_messaging_server_key
GoogleGoogle API Keygoogle_api_key
GoogleGoogle Cloud Private Key ID
GoogleGoogle Cloud Storage Service Account Access Key ID with Google Cloud Storage Access Key Secretgoogle_cloud_storage_service_account_access_key_id
google_cloud_storage_access_key_secret
GoogleGoogle Cloud Storage User Access Key ID with Google Cloud Storage Access Key Secretgoogle_cloud_storage_user_access_key_id
google_cloud_storage_access_key_secret
GoogleGoogle OAuth Access Tokengoogle_oauth_access_token
GoogleGoogle OAuth Client ID with Google OAuth Client Secretgoogle_oauth_client_id
google_oauth_client_secret
GoogleGoogle OAuth Refresh Tokengoogle_oauth_refresh_token
GrafanaGrafana API Keygrafana_api_key
HashiCorpTerraform Cloud / Enterprise API Tokenterraform_api_token
HashiCorpHashiCorp Vault Batch Tokenhashicorp_vault_batch_token
HashiCorpHashiCorp Vault Service Tokenhashicorp_vault_service_token
HubspotHubspot API Keyhubspot_api_key
IntercomIntercom Access Tokenintercom_access_token
IonicIonic Personal Access Tokenionic_personal_access_token
IonicIonic Refresh Tokenionic_refresh_token
JD CloudJD Cloud Access Keyjd_cloud_access_key
JFrogJFrog Platform Access Tokenjfrog_platform_access_token
JFrogJFrog Platform API Keyjfrog_platform_api_key
LinearLinear API Keylinear_api_key
LinearLinear OAuth Access Tokenlinear_oauth_access_token
LobLob Live API Keylob_live_api_key
LobLob Test API Keylob_test_api_key
MailchimpMailchimp API Keymailchimp_api_key
MailgunMailgun API Keymailgun_api_key
MapboxMapbox Secret Access Tokenmapbox_secret_access_token
MessageBirdMessageBird API Keymessagebird_api_key
MetaFacebook Access Tokenfacebook_access_token
MidtransMidtrans Production Server Keymidtrans_production_server_key
MidtransMidtrans Sandbox Server Keymidtrans_sandbox_server_key
New RelicNew Relic Personal API Keynew_relic_personal_api_key
New RelicNew Relic REST API Keynew_relic_rest_api_key
New RelicNew Relic Insights Query Keynew_relic_insights_query_key
New RelicNew Relic License Keynew_relic_license_key
NotionNotion Integration Tokennotion_integration_token
NotionNotion OAuth Client Secretnotion_oauth_client_secret
npmnpm Access Tokennpm_access_token
NuGetNuGet API Keynuget_api_key
Octopus DeployOctopus Deploy API Keyoctopus_deploy_api_key
OnfidoOnfido Live API Tokenonfido_live_api_token
OnfidoOnfido Sandbox API Tokenonfido_sandbox_api_token
OpenAIOpenAI API Keyopenai_api_key
PalantirPalantir JSON Web Tokenpalantir_jwt
PlanetScalePlanetScale Database Passwordplanetscale_database_password
PlanetScalePlanetScale OAuth Tokenplanetscale_oauth_token
PlanetScalePlanetScale Service Tokenplanetscale_service_token
PlivoPlivo Auth ID with Plivo Auth Tokenplivo_auth_id
plivo_auth_token
PostmanPostman API Keypostman_api_key
ProctorioProctorio Consumer Keyproctorio_consumer_key
ProctorioProctorio Linkage Keyproctorio_linkage_key
ProctorioProctorio Registration Keyproctorio_registration_key
ProctorioProctorio Secret Keyproctorio_secret_key
PulumiPulumi Access Tokenpulumi_access_token
PyPIPyPI API Tokenpypi_api_token
RubyGemsRubyGems API Keyrubygems_api_key
SamsaraSamsara API Tokensamsara_api_token
SamsaraSamsara OAuth Access Tokensamsara_oauth_access_token
SegmentSegment Public API Tokensegment_public_api_token
SendGridSendGrid API Keysendgrid_api_key
SendinblueSendinblue API Keysendinblue_api_key
SendinblueSendinblue SMTP Keysendinblue_smtp_key
ShippoShippo Live API Tokenshippo_live_api_token
ShippoShippo Test API Tokenshippo_test_api_token
ShopifyShopify App Client Credentialsshopify_app_client_credentials
ShopifyShopify App Client Secretshopify_app_client_secret
ShopifyShopify App Shared Secretshopify_app_shared_secret
ShopifyShopify Access Tokenshopify_access_token
ShopifyShopify Custom App Access Tokenshopify_custom_app_access_token
ShopifyShopify Merchant Tokenshopify_merchant_token
ShopifyShopify Marketplace Tokenshopify_marketplace_token
ShopifyShopify Partner API Tokenshopify_partner_api_token
ShopifyShopify Private App Passwordshopify_private_app_password
SlackSlack API Tokenslack_api_token
SlackSlack Incoming Webhook URLslack_incoming_webhook_url
SlackSlack Workflow Webhook URLslack_workflow_webhook_url
SquareSquare Access Tokensquare_access_token
SquareSquare Production Application Secretsquare_production_application_secret
SquareSquare Sandbox Application Secretsquare_sandbox_application_secret
SSLMateSSLMate API Keysslmate_api_key
SSLMateSSLMate Cluster Secretsslmate_cluster_secret
StripeStripe API Keystripe_api_key
StripeStripe Live API Secret Keystripe_live_secret_key
StripeStripe Test API Secret Keystripe_test_secret_key
StripeStripe Live API Restricted Keystripe_live_restricted_key
StripeStripe Test API Restricted Keystripe_test_restricted_key
StripeStripe Webhook Signing Secretstripe_webhook_signing_secret
SupabaseSupabase Service Keysupabase_service_key
TableauTableau Personal Access Tokentableau_personal_access_token
TelegramTelegram Bot Tokentelegram_bot_token
Tencent CloudTencent Cloud Secret IDtencent_cloud_secret_id
TwilioTwilio Access Tokentwilio_access_token
TwilioTwilio Account String Identifiertwilio_account_sid
TwilioTwilio API Keytwilio_api_key
TypeformTypeform Personal Access Tokentypeform_personal_access_token
WorkOSWorkOS Production API Keyworkos_production_api_key
WorkOSWorkOS Staging API Keyworkos_staging_api_key
YandexYandex.Cloud API Keyyandex_cloud_api_key
YandexYandex.Cloud IAM Cookieyandex_cloud_iam_cookie
YandexYandex.Cloud IAM Tokenyandex_cloud_iam_token
YandexYandex.Dictionary API Keyyandex_dictionary_api_key
YandexYandex.Cloud Access Secretyandex_iam_access_secret
YandexYandex.Predictor API Keyyandex_predictor_api_key
YandexYandex.Translate API Keyyandex_translate_api_key

プッシュ保護でサポートされるシークレット

プッシュ保護として Secret scanning は、現在、次のサービス プロバイダーによって発行されたシークレットのリポジトリをスキャンします。

リソースへのアクセスにペアの資格情報が必要な場合は、ペアの両方の部分が同じファイルで検出された場合にのみ、シークレット スキャンによってアラートが作成されます。 これにより、最も重大なリークが部分リークに関する情報の背後に隠されないようにします。

ProviderSupported secretSecret type
Adafruit IOAdafruit IO Keyadafruit_io_key
Alibaba CloudAlibaba Cloud Access Key ID with Alibaba Cloud Access Key Secretalibaba_cloud_access_key_id
alibaba_cloud_access_key_secret
AmazonAmazon OAuth Client ID with Amazon OAuth Client Secretamazon_oauth_client_id
amazon_oauth_client_secret
Amazon Web Services (AWS)Amazon AWS Access Key ID with Amazon AWS Secret Access Keyaws_access_key_id
aws_secret_access_key
Amazon Web Services (AWS)Amazon AWS Session Token with Amazon AWS Temporary Access Key ID and Amazon AWS Secret Access Keyaws_session_token
aws_temporary_access_key_id
aws_secret_access_key
AsanaAsana Personal Access Tokenasana_personal_access_token
AtlassianBitbucket Server Personal Access Tokenbitbucket_server_personal_access_token
AzureAzure Active Directory Application Secretazure_active_directory_application_secret
AzureAzure Cache for Redis Access Keyazure_cache_for_redis_access_key
AzureAzure DevOps Personal Access Tokenazure_devops_personal_access_token
Checkout.comCheckout.com Production Secret Keycheckout_production_secret_key
ClojarsClojars Deploy Tokenclojars_deploy_token
DatabricksDatabricks Access Tokendatabricks_access_token
DigitalOceanDigitalOcean Personal Access Tokendigitalocean_personal_access_token
DigitalOceanDigitalOcean OAuth Tokendigitalocean_oauth_token
DigitalOceanDigitalOcean Refresh Tokendigitalocean_refresh_token
DigitalOceanDigitalOcean System Tokendigitalocean_system_token
DiscordDiscord Bot Tokendiscord_bot_token
DopplerDoppler Personal Tokendoppler_personal_token
DopplerDoppler Service Tokendoppler_service_token
DopplerDoppler CLI Tokendoppler_cli_token
DopplerDoppler SCIM Tokendoppler_scim_token
DopplerDoppler Audit Tokendoppler_audit_token
DropboxDropbox Short Lived Access Tokendropbox_short_lived_access_token
DuffelDuffel Live Access Tokenduffel_live_access_token
EasyPostEasyPost Production API Keyeasypost_production_api_key
FlutterwaveFlutterwave Live API Secret Keyflutterwave_live_api_secret_key
FullstoryFullStory API Keyfullstory_api_key
GitHubGitHub Personal Access Tokengithub_personal_access_token
GitHubGitHub OAuth Access Tokengithub_oauth_access_token
GitHubGitHub Refresh Tokengithub_refresh_token
GitHubGitHub App Installation Access Tokengithub_app_installation_access_token
GitHubGitHub SSH Private Keygithub_ssh_private_key
GoogleGoogle Cloud Storage Service Account Access Key ID with Google Cloud Storage Access Key Secretgoogle_cloud_storage_service_account_access_key_id
google_cloud_storage_access_key_secret
GoogleGoogle Cloud Storage User Access Key ID with Google Cloud Storage Access Key Secretgoogle_cloud_storage_user_access_key_id
google_cloud_storage_access_key_secret
GoogleGoogle OAuth Client ID with Google OAuth Client Secretgoogle_oauth_client_id
google_oauth_client_secret
GrafanaGrafana API Keygrafana_api_key
HubspotHubspot API Keyhubspot_api_key
IntercomIntercom Access Tokenintercom_access_token
IonicIonic Personal Access Tokenionic_personal_access_token
IonicIonic Refresh Tokenionic_refresh_token
LinearLinear API Keylinear_api_key
LinearLinear OAuth Access Tokenlinear_oauth_access_token
MidtransMidtrans Production Server Keymidtrans_production_server_key
New RelicNew Relic Personal API Keynew_relic_personal_api_key
New RelicNew Relic REST API Keynew_relic_rest_api_key
New RelicNew Relic Insights Query Keynew_relic_insights_query_key
npmnpm Access Tokennpm_access_token
NuGetNuGet API Keynuget_api_key
OnfidoOnfido Live API Tokenonfido_live_api_token
OpenAIOpenAI API Keyopenai_api_key
PlanetScalePlanetScale Database Passwordplanetscale_database_password
PlanetScalePlanetScale OAuth Tokenplanetscale_oauth_token
PlanetScalePlanetScale Service Tokenplanetscale_service_token
PostmanPostman API Keypostman_api_key
ProctorioProctorio Secret Keyproctorio_secret_key
SamsaraSamsara API Tokensamsara_api_token
SamsaraSamsara OAuth Access Tokensamsara_oauth_access_token
SendGridSendGrid API Keysendgrid_api_key
SendinblueSendinblue API Keysendinblue_api_key
SendinblueSendinblue SMTP Keysendinblue_smtp_key
ShippoShippo Live API Tokenshippo_live_api_token
ShopifyShopify App Shared Secretshopify_app_shared_secret
ShopifyShopify Access Tokenshopify_access_token
SlackSlack API Tokenslack_api_token
StripeStripe Live API Secret Keystripe_api_key
Tencent CloudTencent Cloud Secret IDtencent_cloud_secret_id
TypeformTypeform Personal Access Tokentypeform_personal_access_token
WorkOSWorkOS Production API Keyworkos_production_api_key

参考資料