支持的机密扫描模式

关于 secret scanning 模式

有三种类型的 机密扫描警报：

• 用户警报：在存储库中检测到支持的机密时，在存储库的安全选项卡中向用户报告。
• 推送保护警报：当参与者绕过推送保护时，在存储库的安全选项卡中向用户报告。
• 合作伙伴警报：直接向属于 secret scanning 合作伙伴计划的机密提供方报告。 这些警报不会在存储库的安全选项卡中报告。

有关每种警报类型的深入信息，请参阅“关于机密扫描警报”。

有关所有受支持的模式的详细信息，请参阅下面的“支持的机密”部分。

如果使用 REST API 进行 secret scanning，可以使用 Secret type 报告来自特定颁发者的机密。 有关详细信息，请参阅“适用于机密扫描的 REST API 终结点”。

如果你认为 secret scanning 应检测到提交到存储库的机密，但却尚未检测到，则首先需要检查 GitHub 是否支持你的机密。 有关详细信息，请参阅以下部分。 有关高级故障排除的详细信息，请参阅“排查机密扫描问题”。

支持的机密

下表列出了 secret scanning 支持的机密。 可以查看为每个令牌生成的警报类型，以及是否对令牌执行验证检查。

• 提供商 - 令牌提供商的名称。

• 合作伙伴 - 将泄漏报告给相关令牌合作伙伴的令牌。 仅适用于公共存储库。

• 用户 - 向 GitHub 上的用户报告泄漏的令牌。

• 推送保护 - 向 GitHub 上的用户报告泄漏的令牌。 适用于启用了 secret scanning 和推送保护的存储库。

• 验证检查 - 实现其验证检查的令牌。 当前仅适用于 GitHub 令牌，未在表格中显示。 有关验证检查支持的详细信息，请参阅 GitHub Enterprise Cloud 文档中的“支持的机密扫描模式”。

提供程序	标记	Partner	用户	推送保护
Adafruit	adafruit_io_key
Adobe	adobe_client_secret
Adobe	adobe_device_token
Adobe	adobe_pac_token
Adobe	adobe_refresh_token
Adobe	adobe_service_token
Adobe	adobe_short_lived_access_token
Aiven	aiven_auth_token
Aiven	aiven_service_password
Alibaba	alibaba_cloud_access_key_id alibaba_cloud_access_key_secret
Amazon AWS	aws_access_key_id aws_secret_access_key
Amazon AWS	aws_secret_access_key aws_session_token aws_temporary_access_key_id
Anthropic	anthropic_api_key
Anthropic	anthropic_management_api_key
Anthropic	anthropic_session_id
Asaas	asaas_api_token
Asana	asana_legacy_format_personal_access_token
Asana	asana_personal_access_token
Atlassian	atlassian_api_token Token versions
Atlassian	atlassian_jwt
Authress	authress_service_client_access_key
Azure	azure_active_directory_application_secret Token versions
Azure	azure_active_directory_user_credential
Azure	azure_apim_direct_management_key
Azure	azure_apim_gateway_key
Azure	azure_apim_repository_key
Azure	azure_apim_subscription_key
Azure	azure_app_configuration_connection_string
Azure	azure_batch_key_identifiable
Azure	azure_cache_for_redis_access_key
Azure	azure_communication_services_connection_string
Azure	azure_container_registry_key_identifiable
Azure	azure_cosmosdb_key_identifiable
Azure	azure_devops_personal_access_token
Azure	azure_event_hub_key_identifiable
Azure	azure_function_key
Azure	azure_iot_device_connection_string
Azure	azure_iot_device_key
Azure	azure_iot_device_provisioning_key
Azure	azure_iot_hub_connection_string
Azure	azure_iot_hub_key
Azure	azure_iot_provisioning_connection_string
Azure	azure_management_certificate
Azure	azure_ml_web_service_classic_identifiable_key
Azure	azure_openai_key
Azure	azure_relay_key_identifiable
Azure	azure_sas_token
Azure	azure_search_admin_key
Azure	azure_search_query_key
Azure	azure_service_bus_identifiable
Azure	azure_signalr_connection_string
Azure	azure_sql_connection_string
Azure	azure_sql_password
Azure	azure_storage_account_key Token versions
Azure	azure_web_pub_sub_connection_string
Azure	microsoft_corporate_network_user_credential
Baidu	baiducloud_api_accesskey
Beamer	beamer_api_key
Bitbucket	bitbucket_server_personal_access_token
Canadian Digital Service	cds_canada_notify_api_key
Canva	canva_app_secret
Canva	canva_connect_api_secret
Canva	canva_secret
Cashfree	cashfree_api_key
Cfx.re	cfxre_server_key
Checkout.com	checkout_production_secret_key Token versions
Checkout.com	checkout_test_secret_key Token versions
Chief Tools	chief_tools_token
CircleCI	circleci_bot_access_token
CircleCI	circleci_personal_access_token
CircleCI	circleci_project_access_token
CircleCI	circleci_release_integration_token
Clojars	clojars_deploy_token
CloudBees	codeship_credential
Contentful	contentful_personal_access_token
Contributed Systems	contributed_systems_credentials
Coveo	coveoaccesstoken
Coveo	coveoapikey
crates.io	cratesio_api_token
Databricks	databricks_access_token
Datadog	datadog_api_key
Datadog	datadog_app_key
Defined Networking	defined_networking_nebula_api_key
DevCycle	devcycle_client_api_key
DevCycle	devcycle_mobile_api_key
DevCycle	devcycle_server_api_key
DigitalOcean	digitalocean_oauth_token
DigitalOcean	digitalocean_personal_access_token
DigitalOcean	digitalocean_refresh_token
DigitalOcean	digitalocean_system_token
Discord	discord_bot_token Token versions
Docker	docker_personal_access_token
Doppler	doppler_audit_token
Doppler	doppler_cli_token
Doppler	doppler_personal_token
Doppler	doppler_scim_token
Doppler	doppler_service_account_token
Doppler	doppler_service_token
Dropbox	dropbox_access_token
Dropbox	dropbox_short_lived_access_token
Duffel	duffel_live_access_token
Duffel	duffel_test_access_token
Dynatrace	dynatrace_api_token
Dynatrace	dynatrace_internal_token
EasyPost	easypost_production_api_key
EasyPost	easypost_test_api_key
eBay	ebay_production_client_id ebay_production_client_secret
eBay	ebay_sandbox_client_id ebay_sandbox_client_secret
Facebook	facebook_access_token
Fastly	fastly_api_token Token versions
Figma	figma_pat
Finicity	finicity_app_key
Firebase	firebase_cloud_messaging_server_key
Flutterwave	flutterwave_live_api_secret_key
Flutterwave	flutterwave_test_api_secret_key
Frame.io	frameio_developer_token
Frame.io	frameio_jwt
FullStory	fullstory_api_key Token versions
GitHub	github_app_installation_access_token Token versions
GitHub	github_oauth_access_token Token versions
GitHub	github_personal_access_token Token versions
GitHub	github_refresh_token
GitHub	github_ssh_private_key
GitHub	github_test_token
GitHub Secret Scanning	secret_scanning_sample_token
GitLab	gitlab_access_token
GoCardless	gocardless_live_access_token
GoCardless	gocardless_sandbox_access_token
Google	google_api_key
Google	google_cloud_service_account_credentials
Google	google_cloud_storage_access_key_secret google_cloud_storage_service_account_access_key_id
Google	google_cloud_storage_access_key_secret google_cloud_storage_user_access_key_id
Google	google_oauth_access_token
Google	google_oauth_client_id google_oauth_client_secret
Google	google_oauth_refresh_token
Grafana	grafana_cloud_api_key
Grafana	grafana_cloud_api_token
Grafana	grafana_project_api_key
Grafana	grafana_project_service_account_token
HashiCorp	hashicorp_vault_batch_token Token versions
HashiCorp	hashicorp_vault_root_service_token
HashiCorp	hashicorp_vault_service_token Token versions
HashiCorp	terraform_api_token
Highnote	highnote_rk_live_key
Highnote	highnote_rk_test_key
Highnote	highnote_sk_live_key
Highnote	highnote_sk_test_key
HOP	hop_bearer
HOP	hop_pat
HOP	hop_ptk
Hubspot	hubspot_api_key Token versions
Hubspot	hubspot_personal_access_key
Hubspot	hubspot_smtp_credential Token versions
Hugging Face	hf_org_api_key
Hugging Face	hf_user_access_token
IBM	ibm_cloud_iam_key
IBM	ibm_softlayer_api_key
Intercom	intercom_access_token
Ionic	ionic_personal_access_token Token versions
Ionic	ionic_refresh_token Token versions
Iterative	iterative_dvc_studio_access_token
JFrog	jfrog_platform_access_token
JFrog	jfrog_platform_api_key
JFrog	jfrog_platform_reference_token
LaunchDarkly	launchdarkly_access_token
Lightspeed	lightspeed_xs_pat
Linear	linear_api_key
Linear	linear_oauth_access_token
Lob	lob_live_api_key
Lob	lob_test_api_key
Localstack	localstack_api_key
LogicMonitor	logicmonitor_bearer_token
LogicMonitor	logicmonitor_lmv1_access_key
Login with Amazon	amazon_oauth_client_id amazon_oauth_client_secret amazon_oauth_client_secret
Mailchimp	mailchimp_api_key
Mailchimp	mandrill_api_key
Mailgun	mailgun_api_key Token versions
Mailgun	mailgun_smtp_credential
Mapbox	mapbox_secret_access_token
MaxMind	maxmind_license_key
Mercury	mercury_non_production_api_token
Mercury	mercury_production_api_token
Mergify	mergify_application_key
MessageBird	messagebird_api_key
Midtrans	midtrans_production_server_key
Midtrans	midtrans_sandbox_server_key
Netflix	netflix_netkey
New Relic	new_relic_insights_query_key
New Relic	new_relic_license_key
New Relic	new_relic_personal_api_key
New Relic	new_relic_rest_api_key
Notion	notion_integration_token
Notion	notion_oauth_client_secret
npm	npm_access_token Token versions
NuGet	nuget_api_key
Octopus Deploy	octopus_deploy_api_key
Oculus	oculus_access_token
OneChronos	onechronos_api_key
OneChronos	onechronos_eb_api_key
OneChronos	onechronos_eb_encryption_key
OneChronos	onechronos_oauth_token
OneChronos	onechronos_refresh_token
Onfido	onfido_live_api_token
Onfido	onfido_sandbox_api_token
OpenAI	openai_api_key Token versions
Orbit	orbit_api_token
PagerDuty	pagerduty_oauth_secret
PagerDuty	pagerduty_oauth_token
Palantir	palantir_jwt
Persona Identities	persona_production_api_key
Persona Identities	persona_sandbox_api_key
Pinterest	pinterest_access_token
Pinterest	pinterest_refresh_token
PlanetScale	planetscale_database_password
PlanetScale	planetscale_oauth_token
PlanetScale	planetscale_service_token
Plivo	plivo_auth_id plivo_auth_token
Polar	polar_access_token
Polar	polar_authorization_code
Polar	polar_client_registration_token
Polar	polar_client_secret
Polar	polar_personal_access_token
Polar	polar_refresh_token
Postman	postman_api_key
Postman	postman_collection_key
Prefect	prefect_server_api_key
Prefect	prefect_user_api_key
Proctorio	proctorio_consumer_key
Proctorio	proctorio_linkage_key
Proctorio	proctorio_registration_key
Proctorio	proctorio_secret_key Token versions
Pulumi	pulumi_access_token
PyPI	pypi_api_token
ReadMe	readmeio_api_access_token
redirect.pizza	redirect_pizza_api_token
Replicate	replicate_api_token
Rootly	rootly_api_key
RubyGems	rubygems_api_key
Samsara	samsara_api_token
Samsara	samsara_oauth_access_token
Segment	segment_public_api_token
SendGrid	sendgrid_api_key
Sendinblue	sendinblue_api_key
Sendinblue	sendinblue_smtp_key
Sentry	sentry_integration_token
Sentry	sentry_org_auth_token
Sentry	sentry_user_app_auth_token
Sentry	sentry_user_auth_token
Shippo	shippo_live_api_token
Shippo	shippo_test_api_token
Shopee	shopee_open_platform_partner_key
Shopify	shopify_access_token
Shopify	shopify_app_client_credentials
Shopify	shopify_app_client_secret
Shopify	shopify_app_shared_secret
Shopify	shopify_custom_app_access_token
Shopify	shopify_marketplace_token
Shopify	shopify_merchant_token
Shopify	shopify_partner_api_token
Shopify	shopify_private_app_password
Siemens	siemens_api_token
Siemens	siemens_code_token
Sindri	sindri_api_key Token versions
Slack	slack_api_token Token versions
Slack	slack_incoming_webhook_url
Slack	slack_workflow_webhook_url
Square	square_access_token Token versions
Square	square_production_application_secret
Square	square_sandbox_application_secret
SSLMate	sslmate_api_key Token versions
SSLMate	sslmate_cluster_secret
Stripe	stripe_api_key
Stripe	stripe_legacy_api_key
Stripe	stripe_live_restricted_key
Stripe	stripe_test_restricted_key
Stripe	stripe_test_secret_key
Stripe	stripe_webhook_signing_secret
Supabase	supabase_service_key Token versions
Tableau	tableau_personal_access_token
Telegram	telegram_bot_token
Telnyx	telnyx_api_v2_key
Tencent	tencent_cloud_secret_id
Tencent	tencent_wechat_api_app_id
Thunderstore	thunderstore_io_api_token
Twilio	twilio_access_token
Twilio	twilio_account_sid
Twilio	twilio_api_key
Typeform	typeform_personal_access_token
Uniwise	wiseflow_api_key
Unkey	unkey_root_key
VolcEngine	volcengine_access_key_id
Wakatime	wakatime_api_key
Wakatime	wakatime_app_secret
Wakatime	wakatime_oauth_access_token
Wakatime	wakatime_oauth_refresh_token
Workato	workato_developer_api_token Token versions
WorkOS	workos_production_api_key Token versions
WorkOS	workos_staging_api_key Token versions
Yandex	yandex_cloud_api_key
Yandex	yandex_cloud_iam_access_secret
Yandex	yandex_cloud_iam_cookie
Yandex	yandex_cloud_iam_token
Yandex	yandex_cloud_smartcaptcha_server_key
Yandex	yandex_dictionary_api_key
Yandex	yandex_passport_oauth_token
Yandex	yandex_predictor_api_key
Yandex	yandex_translate_api_key
Zuplo	zuplo_consumer_api_key

令牌版本

服务提供方会更新用于定期生成令牌的模式，并且可能支持多个版本的令牌。 推送保护仅支持 secret scanning 可放心识别的最新令牌版本。 这样可以避免在结果可能是误报时，不必要地阻止提交推送保护，这种情况在使用旧令牌时更有可能发生。

其他阅读材料

• “关于机密扫描警报”
• “密码扫描合作伙伴计划”
• “保护存储库快速入门”
• "保护帐户和数据安全"