GitHub continually updates the default pattern set for secret scanning with new patterns and upgrades to existing patterns, helping ensure your repositories have comprehensive detection for different secret types.

The following new patterns were added over the past two months. Secret scanning automatically detects any secrets matching these patterns in your repositories. See the full list of supported secrets in the documentation.

Provider Token Partner User Push protection
1Password 1password_service_account_token x
Akamai akamai_api_credentials x
Amazon AWS aws_api_key x x
Apify apify_api_token x x x
Apify apify_actor_run_api_token x x x
Apify apify_actor_run_proxy_password x x x
Apify apify_integration_api_token x x x
Apify apify_proxy_password x x x
Apify apify_ui_token x x x
Apify apify_webhook_dispatch_api_token x x x
Azure azure_app_configuration_key x x x
Azure azure_communication_services_key x x x
Azure azure_event_grid_key_identifiable x x x
Azure azure_maps_key x x x
Azure azure_ml_inference_identifiable_key x x x
Azure azure_ml_internal_service_principal_identifiable_key x
Azure azure_web_app_bot_key x x x
Azure azure_ai_services_key x x x
Azure azure_anomaly_detector_ee_key x x x
Azure azure_anomaly_detector_key x x x
Azure azure_cognitive_services_key x x x
Azure azure_computer_vision_key x x x
Azure azure_content_moderator_key x x x
Azure azure_content_safety_key x x x
Azure azure_custom_vision_prediction_key x x x
Azure azure_custom_vision_training_key x x x
Azure azure_dummy_key x x x
Azure azure_face_key x x x
Azure azure_fluid_relay_key x x x
Azure azure_form_recognizer_key x x x
Azure azure_health_decision_support_key x x x
Azure azure_health_insights_key x x x
Azure azure_immersive_reader_key x x x
Azure azure_internal_all_in_one_key x x x
Azure azure_knowledge_key x x x
Azure azure_luis_authoring_key x x x
Azure azure_luis_key x x x
Azure azure_metrics_advisor_key x x x
Azure azure_mixed_reality_key x x x
Azure azure_personalizer_key x x x
Azure azure_qna_maker_key x x x
Azure azure_qna_maker_v2_key x x x
Azure azure_signalr_key x x x
Azure azure_speech_services_key x x x
Azure azure_speech_translation_key x x x
Azure azure_text_analytics_key x x x
Azure azure_text_translation_key x x x
Azure azure_video_intelligence_key x x x
Buildkite buildkite_agent_access_token x x
Buildkite buildkite_agent_job_token x x
Buildkite buildkite_agent_registration_token x x
Buildkite buildkite_cluster_queue_token x x
Buildkite buildkite_cluster_token x x
Buildkite buildkite_packages_registry_token x x
Buildkite buildkite_packages_temporary_token x x
Buildkite buildkite_portal_secret x x
Buildkite buildkite_portal_token x x
Contentful contentful_web_token x x x
Elastic elastic_cloud_api_key x
Langchain langchain_api_personal_key x
Langchain langchain_api_server_key x
LaunchDarkly launchdarkly_access_token x x
Notion notion_api_token x x x
Perplexity perplexity_api_key x
Polar polar_customer_session_token x x x
Polar polar_user_session_token x x x
Snowflake snowflake_programmatic_access_token x x
Tencent tencent_cloud_intl_access_token x x
Val Town val_town_api_token x x

The following existing patterns have been updated. Existing alerts are not affected by pattern updates.

| Provider | Token | Update |
| --- | --- | --- |
| Alibaba | alibaba_cloud_access_key_id | Updated detector for increased precision |
| Alibaba | alibaba_cloud_access_key_secret | Updated detector for increased precision |
| Anthropic | anthropic_api_key | Added to validity checks |
| Anthropic | anthropic_admin_api_key | Added to validity checks |
| Azure | azure_devops_personal_access_token | Updated detector for new pattern format |
| Bitrise | bitrise_personal_access_token | Added to validity checks |
| Contentful | contentful_personal_access_token | Added to validity checks |
| DigitalOcean | digitalocean_oauth_token | Added to validity checks |
| DigitalOcean | digitalocean_personal_access_token | Added to validity checks |
| Dropbox | dropbox_access_token | Added to validity checks |
| Duffel | duffel_live_access_token | Added to validity checks |
| Duffel | duffel_test_access_token | Added to validity checks |
| Generic | http_bearer_authentication_header | Updated detector for increased precision |
| GitLab | gitlab_access_token | Added to validity checks |
| Groq | groq_api_key | Added to push protection |
| HashiCorp | terraform_api_token | Added to validity checks |
| Heroku | heroku_platform_api_oauth2_token | Added to push protection |
| OpenAI | openai_api_key | Updated detector for increased recall |
| Polar | polar_access_token | Updated detector for new pattern format, added to push protection |
| Polar | polar_authorization_code | Updated detector for new pattern format, added to push protection |
| Polar | polar_client_registration_token | Updated detector for new pattern format, added to push protection |
| Polar | polar_client_secret | Updated detector for new pattern format, added to push protection |
| Polar | polar_personal_access_token | Updated detector for new pattern format, added to push protection |
| Polar | polar_refresh_token | Updated detector for new pattern format, added to push protection |
| ReadMe | readmeio_api_access_token | Added to validity checks |
| Salesforce | salesforce_oauth2_consumer_key | Added to push protection |
| Salesforce | salesforce_oauth2_consumer_secret | Added to push protection |
| Tailscale | tailscale_api_key | Added to validity checks |
| Workato | workato_developer_api_token [1] | Added to validity checks |
| xAI | xai_api_key | Added to push protection |
xAI xai_api_key Added to push protection

Learn more about securing your repositories with secret scanning.


  1. Includes support for regional variants: JP (Japan), SG (Singapore), EU (Europe), and US (United States) versions of the Workato Developer API Token.