Improvement
Secret Protection expands default pattern support (May 2025)
GitHub continually updates the default pattern set for secret scanning with new patterns and upgrades of existing patterns, helping ensure your repositories have comprehensive detection for different secret types.
The following new patterns were added over the past month. Secret scanning automatically detects any secrets matching these patterns in your repositories. See the full list of supported secrets in the documentation.
| Provider | Token | Partner | User | Push protection |
|---|---|---|---|---|
| Block Protocol | block_protocol_api_key |
✓ | ||
| Datadog | datadog_rcm |
✓ | ||
| Docker | docker_organization_access_token |
✓ | ✓ | ✓ |
| Docker | docker_swarm_join_token |
✓ | ||
| Docker | docker_swarm_unlock_key |
✓ | ||
| Groq | groq_api_key |
✓ | ✓ | |
| Heroku | heroku_platform_api_oauth2_token |
✓ | ||
| Heroku | heroku_postgres_connection_url |
✓ | ||
| MongoDB | mongodb_atlas_service_account_secret |
✓ | ✓ | ✓ |
| Salesforce | salesforce_oauth2_consumer_key salesforce_oauth2_consumer_secret |
✓ | ||
| Salesforce | salesforce_refresh_token |
✓ | ||
| xAI | xai_api_key |
✓ |
The following existing patterns have been updated. Existing alerts are not affected by pattern updates.
| Update | Provider | Token |
|---|---|---|
| Updated detector for new pattern format | Asaas | asaas_api_token |
| Updated detector for increased precision | Fastly | fastly_api_token |
| Newly added to push protection | Dynatrace | dynatrace_api_token |
| Newly added to partner alerting | google_cloud_storage_access_key_secret |
|
| Newly added to partner alerting | google_cloud_storage_service_account_access_key_id |
|
| Newly added to partner alerting | google_oauth_access_token |
|
| Newly added to partner alerting | google_oauth_client_id |
|
| Newly added to partner alerting | google_oauth_client_secret |
|
| Newly added to partner alerting | google_oauth_refresh_token |
Learn more about securing your repositories with secret scanning.