Improvement
Secret Protection expands default pattern support – September 2025
GitHub continually updates the default pattern set for secret scanning with new patterns and upgrades to existing patterns, helping ensure your repositories have comprehensive detection for different secret types.
The following new patterns were added over the past two months. Secret scanning automatically detects any secrets matching these patterns in your repositories. See the full list of supported secrets.
| Provider | Token | Partner | User | Push protection |
|---|---|---|---|---|
| Aikido | aikido_api_client_secret | x | x | |
| Aikido | aikido_ci_scanning_token | x | x | |
| Airtable | airtable_api_key | x | ||
| Azure | azure_quantum_key | x | x | x |
| Cohere | cohere_api_key | x | ||
| DeepSeek | deepseek_api_key | x | ||
| google_gemini_api_key | x | |||
| GuardSquare | guardsquare_appsweep_api_key | x | x | x |
| GuardSquare | guardsquare_cli_access_token | x | x | x |
| GuardSquare | guardsquare_maven_token | x | x | |
| hCaptcha | hcaptcha_siteverify_secret | x | x | |
| Mistral | mistral_ai_api_key | x | ||
| Openweather | openweather_api_key | x | ||
| Salesforce | salesforce_access_token | x | x | |
| Temporal | temporal_cloud_api_key | x | x | |
| Tencent | tencent_wechat_pay_token | x | ||
| Weights & Biases | wandb_api_key | x | ||
| ZenHub | zenhub_personal_api_key | x | x |
The following existing patterns have been added to push protection.
| Provider | Token |
|---|---|
| 1Password | 1password_service_account_token |
| Airtable | airtable_personal_access_token |
| Azure | azure_communication_services_connection_string |
| Azure | azure_iot_device_connection_string |
| Azure | azure_iot_hub_connection_string |
| Azure | azure_iot_provisioning_connection_string |
| Azure | azure_management_certificate |
| Azure | azure_sas_token |
| Azure | azure_signalr_connection_string |
| Buildkite | buildkite_agent_access_token |
| Buildkite | buildkite_agent_job_token |
| Buildkite | buildkite_agent_registration_token |
| Buildkite | buildkite_cluster_queue_token |
| Buildkite | buildkite_cluster_token |
| Buildkite | buildkite_packages_registry_token |
| Buildkite | buildkite_packages_temporary_token |
| Buildkite | buildkite_portal_secret |
| Buildkite | buildkite_portal_token |
| Dropbox | dropbox_access_token |
| facebook_access_token | |
| Frameio | frameio_developer_token |
| Hugging Face | hf_org_api_key |
| Langchain | langchain_api_personal_key |
| linkedin_client_secret | |
| Mailchimp | mailchimp_api_key |
| Messagebird | messagebird_api_key |
| Notion | notion_integration_token |
| Oculus | oculus_access_token |
| Pangea | pangea_token |
| Ramp | ramp_client_id |
| Ramp | ramp_client_secret |
| Salesforce | salesforce_refresh_token |
| Shippo | shippo_test_api_token |
| Shopify | shopify_merchant_token |
| Slack | slack_incoming_webhook_url |
| Snowflake | snowflake_programmatic_access_token |
| SourceGraph | sourcegraph_dotcom_user_gateway |
| SourceGraph | sourcegraph_license_key_token |
| Stripe | stripe_live_restricted_key |
| Stripe | stripe_test_restricted_key |
| Val | val_town_api_token |
| Yandex | yandex_cloud_iam_cookie |
| Yandex | yandex_cloud_iam_token |
| Yandex | yandex_predictor_api_key |
| Yandex | yandex_translate_api_key |
Learn more about securing your repositories with secret scanning.