Improvement
Secret Protection expands default pattern support and adds additional validators – August 2025
GitHub continually updates the default pattern set for secret scanning with new patterns and upgrades to existing patterns, helping ensure your repositories have comprehensive detection for different secret types.
The following new patterns were added over the past two months. Secret scanning automatically detects any secrets matching these patterns in your repositories. See the full list of supported secrets in the documentation.
Provider | Token | Partner | User | Push protection |
---|---|---|---|---|
1Password | 1password_service_account_token | x | | |
Akamai | akamai_api_credentials | x | | |
Amazon AWS | aws_api_key | x | x | |
Apify | apify_api_token | x | x | x |
Apify | apify_actor_run_api_token | x | x | x |
Apify | apify_actor_run_proxy_password | x | x | x |
Apify | apify_integration_api_token | x | x | x |
Apify | apify_proxy_password | x | x | x |
Apify | apify_ui_token | x | x | x |
Apify | apify_webhook_dispatch_api_token | x | x | x |
Azure | azure_app_configuration_key | x | x | x |
Azure | azure_communication_services_key | x | x | x |
Azure | azure_event_grid_key_identifiable | x | x | x |
Azure | azure_maps_key | x | x | x |
Azure | azure_ml_inference_identifiable_key | x | x | x |
Azure | azure_ml_internal_service_principal_identifiable_key | x | | |
Azure | azure_web_app_bot_key | x | x | x |
Azure | azure_ai_services_key | x | x | x |
Azure | azure_anomaly_detector_ee_key | x | x | x |
Azure | azure_anomaly_detector_key | x | x | x |
Azure | azure_cognitive_services_key | x | x | x |
Azure | azure_computer_vision_key | x | x | x |
Azure | azure_content_moderator_key | x | x | x |
Azure | azure_content_safety_key | x | x | x |
Azure | azure_custom_vision_prediction_key | x | x | x |
Azure | azure_custom_vision_training_key | x | x | x |
Azure | azure_dummy_key | x | x | x |
Azure | azure_face_key | x | x | x |
Azure | azure_fluid_relay_key | x | x | x |
Azure | azure_form_recognizer_key | x | x | x |
Azure | azure_health_decision_support_key | x | x | x |
Azure | azure_health_insights_key | x | x | x |
Azure | azure_immersive_reader_key | x | x | x |
Azure | azure_internal_all_in_one_key | x | x | x |
Azure | azure_knowledge_key | x | x | x |
Azure | azure_luis_authoring_key | x | x | x |
Azure | azure_luis_key | x | x | x |
Azure | azure_metrics_advisor_key | x | x | x |
Azure | azure_mixed_reality_key | x | x | x |
Azure | azure_personalizer_key | x | x | x |
Azure | azure_qna_maker_key | x | x | x |
Azure | azure_qna_maker_v2_key | x | x | x |
Azure | azure_signalr_key | x | x | x |
Azure | azure_speech_services_key | x | x | x |
Azure | azure_speech_translation_key | x | x | x |
Azure | azure_text_analytics_key | x | x | x |
Azure | azure_text_translation_key | x | x | x |
Azure | azure_video_intelligence_key | x | x | x |
Buildkite | buildkite_agent_access_token | x | x | |
Buildkite | buildkite_agent_job_token | x | x | |
Buildkite | buildkite_agent_registration_token | x | x | |
Buildkite | buildkite_cluster_queue_token | x | x | |
Buildkite | buildkite_cluster_token | x | x | |
Buildkite | buildkite_packages_registry_token | x | x | |
Buildkite | buildkite_packages_temporary_token | x | x | |
Buildkite | buildkite_portal_secret | x | x | |
Buildkite | buildkite_portal_token | x | x | |
Contentful | contentful_web_token | x | x | x |
Elastic | elastic_cloud_api_key | x | | |
Langchain | langchain_api_personal_key | x | | |
Langchain | langchain_api_server_key | x | | |
LaunchDarkly | launchdarkly_access_token | x | x | |
Notion | notion_api_token | x | x | x |
Perplexity | perplexity_api_key | x | | |
Polar | polar_customer_session_token | x | x | x |
Polar | polar_user_session_token | x | x | x |
Snowflake | snowflake_programmatic_access_token | x | x | |
Tencent | tencent_cloud_intl_access_token | x | x | |
Val Town | val_town_api_token | x | x | |
The following existing patterns have been updated. Existing alerts are not affected by pattern updates.
Provider | Token | Update |
---|---|---|
Alibaba | alibaba_cloud_access_key_id | Updated detector for increased precision |
Alibaba | alibaba_cloud_access_key_secret | Updated detector for increased precision |
Anthropic | anthropic_api_key | Added to validity checks |
Anthropic | anthropic_admin_api_key | Added to validity checks |
Azure | azure_devops_personal_access_token | Updated detector for new pattern format |
Bitrise | bitrise_personal_access_token | Added to validity checks |
Contentful | contentful_personal_access_token | Added to validity checks |
DigitalOcean | digitalocean_oauth_token | Added to validity checks |
DigitalOcean | digitalocean_personal_access_token | Added to validity checks |
Dropbox | dropbox_access_token | Added to validity checks |
Duffel | duffel_live_access_token | Added to validity checks |
Duffel | duffel_test_access_token | Added to validity checks |
Generic | http_bearer_authentication_header | Updated detector for increased precision |
GitLab | gitlab_access_token | Added to validity checks |
Groq | groq_api_key | Added to push protection |
HashiCorp | terraform_api_token | Added to validity checks |
Heroku | heroku_platform_api_oauth2_token | Added to push protection |
OpenAI | openai_api_key | Updated detector for increased recall |
Polar | polar_access_token | Updated detector for new pattern format, added to push protection |
Polar | polar_authorization_code | Updated detector for new pattern format, added to push protection |
Polar | polar_client_registration_token | Updated detector for new pattern format, added to push protection |
Polar | polar_client_secret | Updated detector for new pattern format, added to push protection |
Polar | polar_personal_access_token | Updated detector for new pattern format, added to push protection |
Polar | polar_refresh_token | Updated detector for new pattern format, added to push protection |
ReadMe | readmeio_api_access_token | Added to validity checks |
Salesforce | salesforce_oauth2_consumer_key | Added to push protection |
Salesforce | salesforce_oauth2_consumer_secret | Added to push protection |
Tailscale | tailscale_api_key | Added to validity checks |
Workato | workato_developer_api_token [1] | Added to validity checks |
xAI | xai_api_key | Added to push protection |
Learn more about securing your repositories with secret scanning.
[1] Includes support for regional variants: JP (Japan), SG (Singapore), EU (Europe), and US (United States) versions of the Workato Developer API Token.