If you commit a secret to a public repository, the whole world can see it. GitHub secret scanning helps protect you from fraud and data breaches by scanning for leaked API tokens and, via our partners, automatically notifying you and/or revoking them.
In addition to our 33 existing partners, GitHub has now partnered with Doppler to scan for their API tokens. When we find a Doppler API token committed to a public repository we notify Doppler so they can automatically revoke it and notify the token owner. When we find a Doppler API token committed to a private repository with secret scanning enabled we notify the repository owner so they can take action.