GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, we help protect users from data leaks and fraud associated with exposed data.

We have partnered with DigitalOcean to scan for their API keys, which allow users to manage Droplets and resources. We'll forward API keys found in public repositories to DigitalOcean, who will revoke valid keys and email the affected user.

GitHub Advanced Security customers can also scan for DigitalOcean API keys and block them from entering their private and public repositories via secret scanning’s new push protection feature.