About secret scanning patterns
GitHub Enterprise Cloud maintains these different sets of secret scanning patterns:
-
Partner patterns. Used to detect potential secrets in all public repositories.
- For details, see "Supported secrets for partner alerts."
- To find out about our partner program, see "Secret scanning partner program."
-
User alert patterns. Used to detect potential secrets in repositories with secret scanning alerts for users enabled. For details, see "Supported secrets for user alerts."
-
Push protection patterns. Used to detect potential secrets in repositories with secret scanning as a push protection enabled. For details, see "Supported secrets for push protection."
If you believe that secret scanning should have detected a secret committed to your repository, and it has not, you first need to check that GitHub supports your secret. For more information, refer to the sections below. For more advanced troubleshooting information, see "Troubleshooting secret scanning."
Supported secrets for partner alerts
GitHub Enterprise Cloud currently scans public repositories for secrets issued by the following service providers and alerts the relevant service provider whenever a secret is detected in a commit. For more information about secret scanning alerts for partners, see "About secret scanning."
If access to a resource requires paired credentials, then secret scanning will create an alert only when both parts of the pair are detected in the same file. This ensures that the most critical leaks are not hidden behind information about partial leaks. Pair matching also helps reduce false positives since both elements of a pair must be used together to access the provider's resource.
Partner | Supported secret |
---|---|
Adafruit IO | Adafruit IO Key |
Adobe | Adobe Device Token |
Adobe | Adobe JSON Web Token |
Adobe | Adobe Service Token |
Adobe | Adobe Short-Lived Access Token |
Alibaba Cloud | Alibaba Cloud Access Key ID and Access Key Secret pair |
Amazon Web Services (AWS) | Amazon AWS Access Key ID and Secret Access Key pair |
Atlassian | Atlassian API Token |
Atlassian | Atlassian JSON Web Token |
Azure | Azure Active Directory Application Secret |
Azure | Azure Batch Key Identifiable |
Azure | Azure CosmosDB Key Identifiable |
Azure | Azure DevOps Personal Access Token |
Azure | Azure ML Studio (classic) Web Service Key |
Azure | Azure SAS Token |
Azure | Azure Search Admin Key |
Azure | Azure Search Query Key |
Azure | Azure Service Management Certificate |
Azure | Azure SQL Connection String |
Azure | Azure Storage Account Key |
Checkout.com | Checkout.com Production Secret Key |
Checkout.com | Checkout.com Test Secret Key |
Chief Tools | Chief Tools Token |
Clojars | Clojars Deploy Token |
CloudBees CodeShip | CloudBees CodeShip Credential |
Contributed Systems | Contributed Systems Credentials |
Crates.io | Crates.io API Token |
Databricks | Databricks Access Token |
Datadog | Datadog API Key |
DevCycle | DevCycle Client API Key |
DevCycle | DevCycle Server API Key |
DigitalOcean | DigitalOcean OAuth Token |
DigitalOcean | DigitalOcean Personal Access Token |
DigitalOcean | DigitalOcean Refresh Token |
DigitalOcean | DigitalOcean System Token |
Discord | Discord Bot Token |
Doppler | Doppler Audit Token |
Doppler | Doppler CLI Token |
Doppler | Doppler Personal Token |
Doppler | Doppler SCIM Token |
Doppler | Doppler Service Token |
Dropbox | Dropbox Access Token |
Dropbox | Dropbox Short Lived Access Token |
Dynatrace | Dynatrace Access Token |
Dynatrace | Dynatrace Internal Token |
Figma | Figma Personal Access Token |
Finicity | Finicity App Key |
Frame.io | Frame.io Developer Token |
Frame.io | Frame.io JSON Web Token |
FullStory | FullStory API Key |
GitHub | GitHub App Installation Access Token |
GitHub | GitHub OAuth Access Token |
GitHub | GitHub Personal Access Token |
GitHub | GitHub Refresh Token |
GitHub | GitHub SSH Private Key |
GoCardless | GoCardless Live Access Token |
GoCardless | GoCardless Sandbox Access Token |
Google Cloud | Google API Key |
Google Cloud | Google Cloud Private Key ID |
Hashicorp Terraform | Terraform Cloud / Enterprise API Token |
Hubspot | Hubspot API Key |
Hubspot | Hubspot API Personal Access Key |
Ionic | Ionic Personal Access Token |
Ionic | Ionic Refresh Token |
JD Cloud | JD Cloud Access Key |
Linear | Linear API Key |
Linear | Linear OAuth Access Token |
LocalStack | LocalStack API Key |
Mailchimp | Mailchimp API Key |
Mailchimp | Mandrill API Key |
Mailgun | Mailgun API Key |
MessageBird | MessageBird API Key |
Meta | Facebook Access Token |
npm | npm Access Token |
NuGet | NuGet API Key |
Octopus Deploy | Octopus Deploy API Key |
OpenAI | OpenAI API Key |
Palantir | Palantir JSON Web Token |
PlanetScale | PlanetScale Database Password |
PlanetScale | PlanetScale OAuth Token |
PlanetScale | PlanetScale Service Token |
Plivo | Plivo Auth ID and Token |
Postman | Postman API Key |
Prefect | Prefect Server API Key |
Prefect | Prefect User API Token |
Proctorio | Proctorio Consumer Key |
Proctorio | Proctorio Linkage Key |
Proctorio | Proctorio Registration Key |
Proctorio | Proctorio Secret Key |
Pulumi | Pulumi Access Token |
PyPI | PyPI API Token |
ReadMe | ReadMe API Access Key |
redirect.pizza | redirect.pizza API Token |
RubyGems | RubyGems API Key |
Samsara | Samsara API Token |
Samsara | Samsara OAuth Access Token |
Segment | Segment Public API Token |
SendGrid | SendGrid API Key |
Sendinblue | Sendinblue API Key |
Sendinblue | Sendinblue SMTP Key |
Shopify | Shopify Access Token |
Shopify | Shopify App Shared Secret |
Shopify | Shopify Custom App Access Token |
Shopify | Shopify Private App Password |
Slack | Slack API Token |
Slack | Slack Incoming Webhook URL |
Slack | Slack Workflow Webhook URL |
SSLMate | SSLMate API Key |
SSLMate | SSLMate Cluster Secret |
Stripe | Stripe Live API Restricted Key |
Stripe | Stripe Live API Secret Key |
Stripe | Stripe Test API Restricted Key |
Stripe | Stripe Test API Secret Key |
Supabase | Supabase Service Key |
Telnyx | Telnyx API V2 Key |
Tencent Cloud | Tencent Cloud Secret ID |
Tencent WeChat | Tencent WeChat API App ID |
Twilio | Twilio Account String Identifier |
Twilio | Twilio API Key |
Typeform | Typeform Personal Access Token |
Uniwise | WISEflow API Key |
Valour | Valour Access Token |
WakaTime | WakaTime App Secret |
WakaTime | WakaTime OAuth Access Token |
WakaTime | WakaTime OAuth Refresh Token |
Yandex | Yandex.Cloud Access Secret |
Yandex | Yandex.Cloud API Key |
Yandex | Yandex.Cloud IAM Cookie |
Yandex | Yandex.Cloud IAM Token |
Yandex | Yandex.Dictionary API Key |
Yandex | Yandex.Passport OAuth Token |
Zuplo | Zuplo Consumer API |
Supported secrets for user alerts
When secret scanning alerts for users are enabled, GitHub scans repositories for secrets issued by the following service providers and generates secret scanning alerts. You can see these alerts on the Security tab of the repository. For more information about secret scanning alerts for users, see "About secret scanning."
If access to a resource requires paired credentials, then secret scanning will create an alert only when both parts of the pair are detected in the same file. This ensures that the most critical leaks are not hidden behind information about partial leaks. Pair matching also helps reduce false positives since both elements of a pair must be used together to access the provider's resource.
If you use the REST API for secret scanning, you can use the Secret type
to report on secrets from specific issuers. For more information, see "Secret scanning."
Note: You can also define custom secret scanning patterns for your repository, organization, or enterprise. For more information, see "Defining custom patterns for secret scanning."
Provider | Supported secret | Secret type |
---|---|---|
Adafruit IO | Adafruit IO Key | adafruit_io_key |
Adobe | Adobe Device Token | adobe_device_token |
Adobe | Adobe JSON Web Token | adobe_jwt |
Adobe | Adobe Service Token | adobe_service_token |
Adobe | Adobe Short-Lived Access Token | adobe_short_lived_access_token |
Alibaba Cloud | Alibaba Cloud Access Key ID with Alibaba Cloud Access Key Secret | alibaba_cloud_access_key_id alibaba_cloud_access_key_secret |
Amazon | Amazon OAuth Client ID with Amazon OAuth Client Secret | amazon_oauth_client_id amazon_oauth_client_secret |
Amazon Web Services (AWS) | Amazon AWS Access Key ID with Amazon AWS Secret Access Key | aws_access_key_id aws_secret_access_key |
Amazon Web Services (AWS) | Amazon AWS Session Token with Amazon AWS Temporary Access Key ID and Amazon AWS Secret Access Key | aws_session_token aws_temporary_access_key_id aws_secret_access_key |
Asana | Asana Personal Access Token | asana_personal_access_token |
Atlassian | Atlassian API Token | atlassian_api_token |
Atlassian | Atlassian JSON Web Token | atlassian_jwt |
Atlassian | Bitbucket Server Personal Access Token | bitbucket_server_personal_access_token |
Azure | Azure Active Directory Application Secret | azure_active_directory_application_secret |
Azure | Azure Batch Key Identifiable | azure_batch_key_identifiable |
Azure | Azure Cache for Redis Access Key | azure_cache_for_redis_access_key |
Azure | Azure CosmosDB Key Identifiable | azure_cosmosdb_key_identifiable |
Azure | Azure DevOps Personal Access Token | azure_devops_personal_access_token |
Azure | Azure ML Studio (classic) Web Service Key | azure_ml_studio_classic_web_service_key azure_ml_web_service_classic_identifiable_key |
Azure | Azure SAS Token | azure_sas_token |
Azure | Azure Search Admin Key | azure_search_admin_key |
Azure | Azure Search Query Key | azure_search_query_key |
Azure | Azure Service Management Certificate | azure_management_certificate |
Azure | Azure SQL Connection String | azure_sql_connection_string |
Azure | Azure Storage Account Key | azure_storage_account_key |
Beamer | Beamer API Key | beamer_api_key |
Checkout.com | Checkout.com Production Secret Key | checkout_production_secret_key |
Checkout.com | Checkout.com Test Secret Key | checkout_test_secret_key |
Chief Tools | Chief Tools Token | chief_tools_token |
Clojars | Clojars Deploy Token | clojars_deploy_token |
CloudBees CodeShip | CloudBees CodeShip Credential | codeship_credential |
Contentful | Contentful Personal Access Token | contentful_personal_access_token |
Databricks | Databricks Access Token | databricks_access_token |
DevCycle | DevCycle Client API Key | devcycle_client_api_key |
DevCycle | DevCycle Mobile API Key | devcycle_mobile_api_key |
DevCycle | DevCycle Server API Key | devcycle_server_api_key |
DigitalOcean | DigitalOcean OAuth Token | digitalocean_oauth_token |
DigitalOcean | DigitalOcean Personal Access Token | digitalocean_personal_access_token |
DigitalOcean | DigitalOcean Refresh Token | digitalocean_refresh_token |
DigitalOcean | DigitalOcean System Token | digitalocean_system_token |
Discord | Discord API Token V2 | discord_api_token_v2 |
Discord | Discord Bot Token | discord_bot_token |
Doppler | Doppler Audit Token | doppler_audit_token |
Doppler | Doppler CLI Token | doppler_cli_token |
Doppler | Doppler Personal Token | doppler_personal_token |
Doppler | Doppler SCIM Token | doppler_scim_token |
Doppler | Doppler Service Token | doppler_service_token |
Dropbox | Dropbox Access Token | dropbox_access_token |
Dropbox | Dropbox Short Lived Access Token | dropbox_short_lived_access_token |
Duffel | Duffel Live Access Token | duffel_live_access_token |
Duffel | Duffel Test Access Token | duffel_test_access_token |
Dynatrace | Dynatrace Access Token | dynatrace_access_token |
Dynatrace | Dynatrace Internal Token | dynatrace_internal_token |
EasyPost | EasyPost Production API Key | easypost_production_api_key |
EasyPost | EasyPost Test API Key | easypost_test_api_key |
eBay | eBay Production Client ID (App ID) with eBay Production Client Secret (Cert ID) | ebay_production_client_id ebay_production_client_secret |
eBay | eBay Sandbox Client ID (App ID) with eBay Sandbox Client Secret (Cert ID) | ebay_sandbox_client_id ebay_sandbox_client_secret |
Fastly | Fastly API Token | fastly_api_token |
Figma | Figma Personal Access Token | figma_pat |
Finicity | Finicity App Key | finicity_app_key |
Flutterwave | Flutterwave Live API Secret Key | flutterwave_live_api_secret_key |
Flutterwave | Flutterwave Test API Secret Key | flutterwave_test_api_secret_key |
Frame.io | Frame.io Developer Token | frameio_developer_token |
Frame.io | Frame.io JSON Web Token | frameio_jwt |
FullStory | FullStory API Key | fullstory_api_key |
GitHub | GitHub App Installation Access Token | github_app_installation_access_token |
GitHub | GitHub OAuth Access Token | github_oauth_access_token |
GitHub | GitHub Personal Access Token | github_personal_access_token |
GitHub | GitHub Refresh Token | github_refresh_token |
GitHub | GitHub SSH Private Key | github_ssh_private_key |
GitLab | GitLab Access Token | gitlab_access_token |
GoCardless | GoCardless Live Access Token | gocardless_live_access_token |
GoCardless | GoCardless Sandbox Access Token | gocardless_sandbox_access_token |
Firebase Cloud Messaging Server Key | firebase_cloud_messaging_server_key | |
Google Cloud Storage Service Account Access Key ID with Google Cloud Storage Access Key Secret | google_cloud_storage_service_account_access_key_id google_cloud_storage_access_key_secret | |
Google Cloud Storage User Access Key ID with Google Cloud Storage Access Key Secret | google_cloud_storage_user_access_key_id google_cloud_storage_access_key_secret | |
Google OAuth Access Token | google_oauth_access_token | |
Google OAuth Client ID with Google OAuth Client Secret | google_oauth_client_id google_oauth_client_secret | |
Google OAuth Refresh Token | google_oauth_refresh_token | |
Google Cloud | Google API Key | google_api_key |
Google Cloud | Google Cloud Private Key ID | google_cloud_private_key_id |
Grafana | Grafana API Key | grafana_api_key |
Grafana | Grafana Cloud API Key | grafana_cloud_api_key |
Grafana | Grafana Cloud API Token | grafana_cloud_api_token |
Grafana | Grafana Project API Key | grafana_project_api_key |
Grafana | Grafana Project Service Account Token | grafana_project_service_account_token |
HashiCorp | HashiCorp Vault Batch Token | hashicorp_vault_batch_token |
HashiCorp | HashiCorp Vault Root Service Token | hashicorp_vault_root_service_token |
HashiCorp | HashiCorp Vault Service Token | hashicorp_vault_service_token |
Hashicorp Terraform | Terraform Cloud / Enterprise API Token | terraform_api_token |
Highnote | Highnote RK Live Key | highnote_rk_live_key |
Highnote | Highnote RK Test Key | highnote_rk_test_key |
Highnote | Highnote SK Live Key | highnote_sk_live_key |
Highnote | Highnote SK Test Key | highnote_sk_test_key |
Hubspot | Hubspot API Key | hubspot_api_key |
Hubspot | Hubspot API Personal Access Key | hubspot_api_personal_access_key |
Intercom | Intercom Access Token | intercom_access_token |
Ionic | Ionic Personal Access Token | ionic_personal_access_token |
Ionic | Ionic Refresh Token | ionic_refresh_token |
JD Cloud | JD Cloud Access Key | jd_cloud_access_key |
JFrog | JFrog Platform Access Token | jfrog_platform_access_token |
JFrog | JFrog Platform API Key | jfrog_platform_api_key |
Linear | Linear API Key | linear_api_key |
Linear | Linear OAuth Access Token | linear_oauth_access_token |
Lob | Lob Live API Key | lob_live_api_key |
Lob | Lob Test API Key | lob_test_api_key |
LocalStack | LocalStack API Key | localstack_api_key |
LogicMonitor | LogicMonitor Bearer Token | logicmonitor_bearer_token |
LogicMonitor | LogicMonitor LMV1 Access Key | logicmonitor_lmv1_access_key |
Mailchimp | Mailchimp API Key | mailchimp_api_key |
Mailgun | Mailgun API Key | mailgun_api_key |
Mapbox | Mapbox Secret Access Token | mapbox_secret_access_token |
MessageBird | MessageBird API Key | messagebird_api_key |
Meta | Facebook Access Token | facebook_access_token |
Midtrans | Midtrans Production Server Key | midtrans_production_server_key |
Midtrans | Midtrans Sandbox Server Key | midtrans_sandbox_server_key |
New Relic | New Relic Insights Query Key | new_relic_insights_query_key |
New Relic | New Relic License Key | new_relic_license_key |
New Relic | New Relic Personal API Key | new_relic_personal_api_key |
New Relic | New Relic REST API Key | new_relic_rest_api_key |
Notion | Notion Integration Token | notion_integration_token |
Notion | Notion OAuth Client Secret | notion_oauth_client_secret |
npm | npm Access Token | npm_access_token |
NuGet | NuGet API Key | nuget_api_key |
Octopus Deploy | Octopus Deploy API Key | octopus_deploy_api_key |
Oculus | Oculus Very Tiny Encrypted Session | oculus_very_tiny_encrypted_session |
Onfido | Onfido Live API Token | onfido_live_api_token |
Onfido | Onfido Sandbox API Token | onfido_sandbox_api_token |
OpenAI | OpenAI API Key | openai_api_key |
Palantir | Palantir JSON Web Token | palantir_jwt |
Persona | Persona Production API Key | persona_production_api_key |
Persona | Persona Sandbox API Key | persona_sandbox_api_key |
PlanetScale | PlanetScale Database Password | planetscale_database_password |
PlanetScale | PlanetScale OAuth Token | planetscale_oauth_token |
PlanetScale | PlanetScale Service Token | planetscale_service_token |
Plivo | Plivo Auth ID with Plivo Auth Token | plivo_auth_id plivo_auth_token |
Postman | Postman API Key | postman_api_key |
Postman | Postman Collection Key | postman_collection_key |
Prefect | Prefect Server API Key | prefect_server_api_key |
Prefect | Prefect User API Key | prefect_user_api_key |
Proctorio | Proctorio Consumer Key | proctorio_consumer_key |
Proctorio | Proctorio Linkage Key | proctorio_linkage_key |
Proctorio | Proctorio Registration Key | proctorio_registration_key |
Proctorio | Proctorio Secret Key | proctorio_secret_key |
Pulumi | Pulumi Access Token | pulumi_access_token |
PyPI | PyPI API Token | pypi_api_token |
ReadMe | ReadMe API Access Key | readmeio_api_access_token |
redirect.pizza | redirect.pizza API Token | redirect_pizza_api_token |
RubyGems | RubyGems API Key | rubygems_api_key |
Samsara | Samsara API Token | samsara_api_token |
Samsara | Samsara OAuth Access Token | samsara_oauth_access_token |
Segment | Segment Public API Token | segment_public_api_token |
SendGrid | SendGrid API Key | sendgrid_api_key |
Sendinblue | Sendinblue API Key | sendinblue_api_key |
Sendinblue | Sendinblue SMTP Key | sendinblue_smtp_key |
Shippo | Shippo Live API Token | shippo_live_api_token |
Shippo | Shippo Test API Token | shippo_test_api_token |
Shopify | Shopify Access Token | shopify_access_token |
Shopify | Shopify App Client Credentials | shopify_app_client_credentials |
Shopify | Shopify App Client Secret | shopify_app_client_secret |
Shopify | Shopify App Shared Secret | shopify_app_shared_secret |
Shopify | Shopify Custom App Access Token | shopify_custom_app_access_token |
Shopify | Shopify Marketplace Token | shopify_marketplace_token |
Shopify | Shopify Merchant Token | shopify_merchant_token |
Shopify | Shopify Partner API Token | shopify_partner_api_token |
Shopify | Shopify Private App Password | shopify_private_app_password |
Slack | Slack API Token | slack_api_token |
Slack | Slack Incoming Webhook URL | slack_incoming_webhook_url |
Slack | Slack Workflow Webhook URL | slack_workflow_webhook_url |
Square | Square Access Token | square_access_token |
Square | Square Production Application Secret | square_production_application_secret |
Square | Square Sandbox Application Secret | square_sandbox_application_secret |
SSLMate | SSLMate API Key | sslmate_api_key |
SSLMate | SSLMate Cluster Secret | sslmate_cluster_secret |
Stripe | Stripe API Key | stripe_api_key |
Stripe | Stripe Live API Restricted Key | stripe_live_restricted_key |
Stripe | Stripe Live API Secret Key | stripe_live_secret_key |
Stripe | Stripe Test API Restricted Key | stripe_test_restricted_key |
Stripe | Stripe Test API Secret Key | stripe_test_secret_key |
Stripe | Stripe Webhook Signing Secret | stripe_webhook_signing_secret |
Supabase | Supabase Service Key | supabase_service_key |
Tableau | Tableau Personal Access Token | tableau_personal_access_token |
Telegram | Telegram Bot Token | telegram_bot_token |
Telnyx | Telnyx API V2 Key | telnyx_api_v2_key |
Tencent Cloud | Tencent Cloud Secret ID | tencent_cloud_secret_id |
Tencent WeChat | Tencent WeChat API App ID | tencent_wechat_api_app_id |
Twilio | Twilio Access Token | twilio_access_token |
Twilio | Twilio Account String Identifier | twilio_account_sid |
Twilio | Twilio API Key | twilio_api_key |
Typeform | Typeform Personal Access Token | typeform_personal_access_token |
Uniwise | WISEflow API Key | wiseflow_api_key |
WakaTime | WakaTime App Secret | wakatime_pp_secret |
WakaTime | WakaTime OAuth Access Token | wakatime_oauth_access_token |
WakaTime | WakaTime OAuth Refresh Token | wakatime_oauth_refresh_token |
WorkOS | WorkOS Production API Key | workos_production_api_key |
WorkOS | WorkOS Staging API Key | workos_staging_api_key |
Yandex | Yandex.Cloud Access Secret | yandex_iam_access_secret |
Yandex | Yandex.Cloud API Key | yandex_cloud_api_key |
Yandex | Yandex.Cloud IAM Cookie | yandex_cloud_iam_cookie |
Yandex | Yandex.Cloud IAM Token | yandex_cloud_iam_token |
Yandex | Yandex.Dictionary API Key | yandex_dictionary_api_key |
Yandex | Yandex.Predictor API Key | yandex_predictor_api_key |
Yandex | Yandex.Translate API Key | yandex_translate_api_key |
Zuplo | Zuplo Consumer API Key | zuplo_consumer_api_key |
Supported secrets for push protection
Secret scanning as a push protection currently scans repositories for secrets issued by the following service providers.
If access to a resource requires paired credentials, then secret scanning will create an alert only when both parts of the pair are detected in the same file. This ensures that the most critical leaks are not hidden behind information about partial leaks. Pair matching also helps reduce false positives since both elements of a pair must be used together to access the provider's resource.
Older versions of certain tokens may not be supported by push protection as these tokens may generate a higher number of false positives than their most recent version. Push protection may also not apply to legacy tokens. For tokens such as Azure Storage Keys, GitHub only supports recently created tokens, not tokens that match the legacy patterns. For more information about push protection limitations, see "Troubleshooting secret scanning."
Provider | Supported secret | Secret type |
---|---|---|
Adafruit IO | Adafruit IO Key | adafruit_io_key |
Alibaba Cloud | Alibaba Cloud Access Key ID with Alibaba Cloud Access Key Secret | alibaba_cloud_access_key_id alibaba_cloud_access_key_secret |
Amazon | Amazon OAuth Client ID with Amazon OAuth Client Secret | amazon_oauth_client_id amazon_oauth_client_secret |
Amazon Web Services (AWS) | Amazon AWS Access Key ID with Amazon AWS Secret Access Key | aws_access_key_id aws_secret_access_key |
Amazon Web Services (AWS) | Amazon AWS Session Token with Amazon AWS Temporary Access Key ID and Amazon AWS Secret Access Key | aws_session_token aws_temporary_access_key_id aws_secret_access_key |
Asana | Asana Personal Access Token | asana_personal_access_token |
Atlassian | Bitbucket Server Personal Access Token | bitbucket_server_personal_access_token |
Azure | Azure Active Directory Application Secret | azure_active_directory_application_secret |
Azure | Azure Batch Key Identifiable | azure_batch_key_identifiable |
Azure | Azure Cache for Redis Access Key | azure_cache_for_redis_access_key |
Azure | Azure CosmosDB Key Identifiable | azure_cosmosdb_key_identifiable |
Azure | Azure DevOps Personal Access Token | azure_devops_personal_access_token |
Azure | Azure ML Studio (classic) Web Service Key | azure_ml_web_service_classic_identifiable_key |
Azure | Azure Search Admin Key | azure_search_admin_key |
Azure | Azure Search Query Key | azure_search_query_key |
Azure | Azure Storage Account Key | azure_storage_account_key |
Checkout.com | Checkout.com Production Secret Key | checkout_production_secret_key |
Chief Tools | Chief Tools Token | chief_tools_token |
Clojars | Clojars Deploy Token | clojars_deploy_token |
Databricks | Databricks Access Token | databricks_access_token |
DevCycle | DevCycle Client API Key | devcycle_client_api_key |
DevCycle | DevCycle Mobile API Key | devcycle_mobile_api_key |
DevCycle | DevCycle Server API Key | devcycle_server_api_key |
DigitalOcean | DigitalOcean OAuth Token | digitalocean_oauth_token |
DigitalOcean | DigitalOcean Personal Access Token | digitalocean_personal_access_token |
DigitalOcean | DigitalOcean Refresh Token | digitalocean_refresh_token |
DigitalOcean | DigitalOcean System Token | digitalocean_system_token |
Discord | Discord API Token V2 | discord_api_token_v2 |
Discord | Discord Bot Token | discord_bot_token |
Doppler | Doppler Audit Token | doppler_audit_token |
Doppler | Doppler CLI Token | doppler_cli_token |
Doppler | Doppler Personal Token | doppler_personal_token |
Doppler | Doppler SCIM Token | doppler_scim_token |
Doppler | Doppler Service Token | doppler_service_token |
Dropbox | Dropbox Short Lived Access Token | dropbox_short_lived_access_token |
Duffel | Duffel Live Access Token | duffel_live_access_token |
EasyPost | EasyPost Production API Key | easypost_production_api_key |
Figma | Figma Personal Access Token | figma_pat |
Flutterwave | Flutterwave Live API Secret Key | flutterwave_live_api_secret_key |
FullStory | FullStory API Key | fullstory_api_key |
GitHub | GitHub App Installation Access Token | github_app_installation_access_token |
GitHub | GitHub OAuth Access Token | github_oauth_access_token |
GitHub | GitHub Personal Access Token | github_personal_access_token |
GitHub | GitHub Refresh Token | github_refresh_token |
GitHub | GitHub SSH Private Key | github_ssh_private_key |
Google Cloud Storage Service Account Access Key ID with Google Cloud Storage Access Key Secret | google_cloud_storage_service_account_access_key_id google_cloud_storage_access_key_secret | |
Google Cloud Storage User Access Key ID with Google Cloud Storage Access Key Secret | google_cloud_storage_user_access_key_id google_cloud_storage_access_key_secret | |
Google OAuth Client ID with Google OAuth Client Secret | google_oauth_client_id google_oauth_client_secret | |
Grafana | Grafana API Key | grafana_api_key |
Grafana | Grafana Cloud API Key | grafana_cloud_api_key |
Grafana | Grafana Cloud API Token | grafana_cloud_api_token |
Grafana | Grafana Project API Key | grafana_project_api_key |
Grafana | Grafana Project Service Account Token | grafana_project_service_account_token |
HashiCorp | HashiCorp Vault Batch Token (v1.10.0+) | hashicorp_vault_batch_token |
HashiCorp | HashiCorp Vault Root Service Token (v1.10.0+) | hashicorp_vault_root_service_token |
HashiCorp | HashiCorp Vault Service Token (v1.10.0+) | hashicorp_vault_service_token |
Highnote | Highnote RK Live Key | highnote_rk_live_key |
Highnote | Highnote RK Test Key | highnote_rk_test_key |
Highnote | Highnote SK Live Key | highnote_sk_live_key |
Highnote | Highnote SK Test Key | highnote_sk_test_key |
Hubspot | Hubspot API Key | hubspot_api_key |
Hubspot | Hubspot API Personal Access Key | hubspot_api_personal_access_key |
Intercom | Intercom Access Token | intercom_access_token |
Ionic | Ionic Personal Access Token | ionic_personal_access_token |
Ionic | Ionic Refresh Token | ionic_refresh_token |
JFrog | JFrog Platform Access Token | jfrog_platform_access_token |
JFrog | JFrog Platform API Key | jfrog_platform_api_key |
Linear | Linear API Key | linear_api_key |
Linear | Linear OAuth Access Token | linear_oauth_access_token |
LogicMonitor | LogicMonitor Bearer Token | logicmonitor_bearer_token |
LogicMonitor | LogicMonitor LMV1 Access Key | logicmonitor_lmv1_access_key |
Midtrans | Midtrans Production Server Key | midtrans_production_server_key |
New Relic | New Relic Insights Query Key | new_relic_insights_query_key |
New Relic | New Relic Personal API Key | new_relic_personal_api_key |
New Relic | New Relic REST API Key | new_relic_rest_api_key |
npm | npm Access Token | npm_access_token |
NuGet | NuGet API Key | nuget_api_key |
Onfido | Onfido Live API Token | onfido_live_api_token |
OpenAI | OpenAI API Key | openai_api_key |
PlanetScale | PlanetScale Database Password | planetscale_database_password |
PlanetScale | PlanetScale OAuth Token | planetscale_oauth_token |
PlanetScale | PlanetScale Service Token | planetscale_service_token |
Postman | Postman API Key | postman_api_key |
Postman | Postman Collection Key | postman_collection_key |
Prefect | Prefect Server API Key | prefect_server_api_key |
Prefect | Prefect User API Key | prefect_user_api_key |
Proctorio | Proctorio Secret Key | proctorio_secret_key |
ReadMe | ReadMe API Access Key | readmeio_api_access_token |
redirect.pizza | redirect.pizza API Token | redirect_pizza_api_token |
Samsara | Samsara API Token | samsara_api_token |
Samsara | Samsara OAuth Access Token | samsara_oauth_access_token |
Segment | Segment Public API Token | segment_public_api_token |
SendGrid | SendGrid API Key | sendgrid_api_key |
Sendinblue | Sendinblue API Key | sendinblue_api_key |
Sendinblue | Sendinblue SMTP Key | sendinblue_smtp_key |
Shippo | Shippo Live API Token | shippo_live_api_token |
Shopify | Shopify Access Token | shopify_access_token |
Shopify | Shopify App Shared Secret | shopify_app_shared_secret |
Slack | Slack API Token | slack_api_token |
Stripe | Stripe Live API Secret Key | stripe_api_key |
Telnyx | Telnyx API V2 Key | telnyx_api_v2_key |
Tencent Cloud | Tencent Cloud Secret ID | tencent_cloud_secret_id |
Twilio | Twilio Access Token | twilio_access_token |
Twilio | Twilio Account String Identifier | twilio_account_sid |
Twilio | Twilio API Key | twilio_api_key |
Typeform | Typeform Personal Access Token | typeform_personal_access_token |
Uniwise | WISEflow API Key | wiseflow_api_key |
WakaTime | WakaTime App Secret | wakatime_pp_secret |
WakaTime | WakaTime OAuth Access Token | wakatime_oauth_access_token |
WakaTime | WakaTime OAuth Refresh Token | wakatime_oauth_refresh_token |
WorkOS | WorkOS Production API Key | workos_production_api_key |
Zuplo | Zuplo Consumer API Key | zuplo_consumer_api_key |