支持的机密扫描模式

关于 secret scanning 模式

有三种类型的机密扫描警报：

用户警报：在存储库中检测到支持的机密时，在存储库的安全选项卡中向用户报告。
推送保护警报：当参与者绕过推送保护时，在存储库的安全选项卡中向用户报告。
合作伙伴警报：直接向属于 secret scanning 合作伙伴计划的机密提供方报告。这些警报不会在存储库的安全选项卡中报告。

有关每种警报类型的深入信息，请参阅关于机密扫描警报。

有关所有受支持的模式的详细信息，请参阅下面的支持的机密部分。

如果你使用 REST API 进行 secret scanning，则可以使用 Secret type 报告来自特定颁发者的机密。有关详细信息，请参阅“适用于机密扫描的 REST API 终结点”。

如果你认为 secret scanning 应检测到提交到存储库的机密，但却尚未检测到，则首先需要检查 GitHub 是否支持你的机密。有关详细信息，请查看以下部分。有关高级故障排除的详细信息，请参阅排查机密扫描问题。

支持的机密

这些表列出了 secret scanning 支持的每种机密类型的机密。表中的信息可能包括以下数据：

          **提供商：** 令牌提供商的名称。

          **合作伙伴：** 将泄漏报告给相关令牌合作伙伴的令牌。 适用于公共存储库和所有 gist，包括机密 gist。 所谓的私密代码片段并不是私有的，任何拥有该 URL 的人都可以访问。 请参阅[关于 gist](/get-started/writing-on-github/editing-and-sharing-content-with-gists/creating-gists#about-gists)。

```
          **用户：** 向 GitHub 上的用户报告泄漏的令牌。
```
- 适用于公共仓库，以及启用了 GitHub Secret Protection 和 secret scanning 的专用仓库。
- 包括与支持的模式和指定的自定义模式相关的默认令牌，以及非提供商令牌（例如私钥），这些令牌通常具有较高的误报率。
- 要使 secret scanning 扫描非提供商模式，必须为存储库或组织启用非提供商模式检测。有关详细信息，请参阅“为存储库启用机密扫描”。

          **推送保护**：向 GitHub 上的用户报告泄漏的令牌。 适用于启用了 secret scanning 和推送保护的存储库。

          **验证检查：** 实现其有效性检查的令牌。 对于合作伙伴令牌，GitHub 会将令牌发送给相关合作伙伴。 请注意，并非所有合作伙伴都位于美国。 有关详细信息，请参阅站点策略文档中的 [Advanced Security](/free-pro-team@latest/site-policy/github-terms/github-terms-for-additional-products-and-features#advanced-security)。

        **Base64：** 支持 Base64 编码版本的令牌。

非提供商模式

根据模式类型的典型误报率估计精度级别。

Provider	标记	Description	精准率
常规	ec_private_key	用于加密操作的椭圆曲线（EC）私钥	High
常规	通用私钥	带标头的 `-----BEGIN PRIVATE KEY-----` 加密私钥	High
常规	http_basic_authentication_header	请求标头中的 HTTP 基本身份验证凭据	中等
常规	http_bearer_authentication_header	用于 API 身份验证的 HTTP 持有者令牌	中等
常规	mongodb_connection_string	包含凭据的 MongoDB 数据库的连接字符串	High
常规	mysql_connection_string	包含凭据的 MySQL 数据库的连接字符串	High
常规	openssh_private_key	用于 SSH 身份验证的 OpenSSH 格式私钥	High
常规	pgp_private_key	用于加密和签名的 PGP （相当良好的隐私）私钥	High
常规	postgres_connection_string	包含凭据的 PostgreSQL 数据库的连接字符串	High
常规	rsa_private_key	用于加密作的 RSA 私钥	High

注意

非提供程序模式不支持有效性检查。

Copilot 机密扫描

Secret scanning 使用 Copilot 来检测泛型密码。请参阅“使用 Copilot 机密扫描负责任地检测通用机密”。

Provider	标记
常规	密码

注意

密码不支持推送保护和有效性检查。

默认的模式

注意

有效性检查仅适用于在 GitHub Secret Protection 中启用了该功能的 GitHub Team 或 GitHub Enterprise 用户。

Provider	标记	合作伙伴	用户	推送保护	验证检查	Base64
1Password	1password_service_account_token	✗	✓	✓	✗	✗
Adafruit	adafruit_io_key	✓	✓	✓	✓	✗
Adobe	adobe_client_secret	✓	✓	✓	✗	✗
Adobe	adobe_device_token	✓	✓	✓	✗	✗
Adobe	adobe_pac_token	✓	✓	✓	✗	✗
Adobe	adobe_refresh_token	✓	✓	✓	✗	✗
Adobe	adobe_service_token	✓	✓	✓	✗	✗
Adobe	adobe_short_lived_access_token	✓	✓	✓	✗	✗
Aikido	aikido_api_client_secret	✗	✓	✓	✗	✗
Aikido	aikido_ci_scanning_token	✗	✓	✓	✗	✗
Airtable	airtable_api_key	✗	✓	✗	✗	✗
Airtable	airtable_personal_access_token	✗	✓	✓	✗	✗
Aiven	aiven_auth_token	✓	✓	✓	✗	✗
Aiven	aiven_service_password	✓	✓	✓	✗	✗
Alibaba	alibaba_cloud_access_key_id, alibaba_cloud_access_key_secret	✓	✓	✓	✗	✗
Amazon AWS	aws_access_key_id, aws_secret_access_key Token versions	✓	✓	✓	✓	✓
Amazon AWS	aws_api_key	✓	✓	✗	✗	✗
Amazon AWS	aws_secret_access_key, aws_session_token, aws_temporary_access_key_id	✗	✓	✓	✓	✗
Anthropic	anthropic_admin_api_key	✓	✓	✓	✓	✗
Anthropic	anthropic_api_key Token versions	✓	✓	✓	✓	✓
Anthropic	anthropic_session_id	✓	✓	✓	✗	✗
Apify	apify_actor_run_api_token	✓	✓	✓	✗	✗
Apify	apify_actor_run_proxy_password	✓	✓	✓	✗	✗
Apify	apify_api_token	✓	✓	✓	✓	✗
Apify	apify_integration_api_token	✓	✓	✓	✗	✗
Apify	apify_proxy_password	✓	✓	✓	✗	✗
Apify	apify_ui_token	✓	✓	✓	✗	✗
Apify	apify_webhook_dispatch_api_token	✓	✓	✓	✗	✗
Asaas	asaas_api_token	✓	✓	✗	✓	✗
Asana	asana_legacy_format_personal_access_token	✗	✓	✗	✗	✗
Asana	asana_personal_access_token Token versions	✗	✓	✓	✗	✗
Atlassian	atlassian_api_token Token versions	✓	✓	✓	✗	✗
Atlassian	atlassian_jwt	✓	✓	✓	✗	✗
Authress	authress_service_client_access_key	✓	✓	✓	✗	✗
Azure	azure_active_directory_application_id, azure_active_directory_application_secret	✗	✓	✗	✗	✗
Azure	azure_active_directory_application_secret Token versions	✓	✓	✓	✗	✗
Azure	azure_active_directory_user_credential	✓	✓	✗	✗	✗
Azure	azure_ai_services_key	✓	✓	✓	✗	✗
Azure	azure_anomaly_detector_ee_key	✓	✓	✓	✗	✗
Azure	azure_anomaly_detector_key	✓	✓	✓	✗	✗
Azure	azure_apim_direct_management_key	✓	✓	✓	✗	✗
Azure	azure_apim_gateway_key	✓	✓	✓	✗	✗
Azure	azure_apim_repository_key	✓	✓	✓	✓	✗
Azure	azure_apim_subscription_key	✓	✓	✓	✗	✗
Azure	azure_app_configuration_connection_string	✗	✓	✓	✓	✗
Azure	azure_app_configuration_key	✓	✓	✓	✗	✗
Azure	azure_batch_key_identifiable Token versions	✓	✓	✓	✗	✗
Azure	azure_cache_for_redis_access_key Token versions	✓	✓	✓	✗	✓
Azure	azure_cognitive_services_key	✓	✓	✓	✗	✗
Azure	azure_communication_services_connection_string	✗	✓	✓	✓	✗
Azure	azure_communication_services_key	✓	✓	✓	✗	✗
Azure	azure_computer_vision_key	✓	✓	✓	✗	✗
Azure	azure_container_registry_key_identifiable	✓	✓	✓	✗	✗
Azure	azure_content_moderator_key	✓	✓	✓	✗	✗
Azure	azure_content_safety_key	✓	✓	✓	✗	✗
Azure	azure_cosmosdb_key_identifiable Token versions	✓	✓	✓	✗	✓
Azure	azure_custom_vision_prediction_key	✓	✓	✓	✗	✗
Azure	azure_custom_vision_training_key	✓	✓	✓	✗	✗
Azure	azure_devops_personal_access_token Token versions	✓	✓	✓	✓	✗
Azure	azure_event_grid_key_identifiable Token versions	✓	✓	✓	✗	✗
Azure	azure_event_hub_key_identifiable	✓	✓	✓	✗	✗
Azure	azure_face_key	✓	✓	✓	✗	✗
Azure	azure_fluid_relay_key	✓	✓	✓	✗	✗
Azure	azure_form_recognizer_key	✓	✓	✓	✗	✗
Azure	azure_function_key Token versions	✓	✓	✓	✗	✓
Azure	azure_health_decision_support_key	✓	✓	✓	✗	✗
Azure	azure_health_insights_key	✓	✓	✓	✗	✗
Azure	azure_immersive_reader_key	✓	✓	✓	✗	✗
Azure	azure_internal_all_in_one_key	✓	✓	✓	✗	✗
Azure	azure_iot_device_connection_string	✗	✓	✓	✓	✗
Azure	azure_iot_device_key	✓	✓	✓	✗	✗
Azure	azure_iot_device_provisioning_key	✓	✓	✓	✗	✗
Azure	azure_iot_hub_connection_string	✗	✓	✓	✓	✗
Azure	azure_iot_hub_key	✓	✓	✓	✗	✗
Azure	azure_iot_provisioning_connection_string	✗	✓	✓	✓	✗
Azure	azure_knowledge_key	✓	✓	✓	✗	✗
Azure	azure_logic_apps_url Token versions	✓	✗	✗	✗	✗
Azure	azure_luis_authoring_key	✓	✓	✓	✗	✗
Azure	azure_luis_key	✓	✓	✓	✗	✗
Azure	azure_management_certificate	✓	✓	✓	✗	✗
Azure	azure_maps_key	✓	✓	✓	✓	✗
Azure	azure_metrics_advisor_key	✓	✓	✓	✗	✗
Azure	azure_mixed_reality_key	✓	✓	✓	✗	✗
Azure	azure_ml_inference_identifiable_key	✓	✓	✓	✗	✗
Azure	azure_ml_internal_service_principal_identifiable_key	✓	✗	✗	✗	✗
Azure	azure_ml_web_service_classic_identifiable_key	✓	✓	✓	✗	✗
Azure	azure_openai_key Token versions	✓	✓	✓	✗	✓
Azure	azure_personalizer_key	✓	✓	✓	✗	✗
Azure	azure_qna_maker_key	✓	✓	✓	✗	✗
Azure	azure_qna_maker_v2_key	✓	✓	✓	✗	✗
Azure	azure_quantum_key	✓	✓	✓	✗	✗
Azure	azure_relay_key_identifiable	✓	✓	✓	✗	✗
Azure	azure_sas_token	✓	✓	✓	✗	✗
Azure	azure_search_admin_key	✓	✓	✓	✗	✗
Azure	azure_search_query_key	✓	✓	✓	✗	✗
Azure	azure_service_bus_identifiable	✓	✓	✓	✗	✗
Azure	azure_signalr_connection_string	✗	✓	✓	✗	✗
Azure	azure_signalr_key Token versions	✓	✓	✓	✗	✗
Azure	azure_speech_services_key	✓	✓	✓	✗	✗
Azure	azure_speech_translation_key	✓	✓	✓	✗	✗
Azure	azure_sql_connection_string	✓	✓	✗	✗	✗
Azure	azure_sql_internal_default_cloudsa_key	✓	✗	✗	✗	✗
Azure	azure_sql_password	✓	✓	✓	✗	✗
Azure	azure_storage_account_key Token versions	✓	✓	✓	✗	✓
Azure	azure_text_analytics_key	✓	✓	✓	✗	✗
Azure	azure_text_translation_key	✓	✓	✓	✗	✗
Azure	azure_video_intelligence_key	✓	✓	✓	✗	✗
Azure	azure_web_app_bot_key	✓	✓	✓	✗	✗
Azure	azure_web_pub_sub_connection_string	✗	✓	✓	✗	✗
Azure	azure_web_pub_sub_key Token versions	✓	✓	✓	✗	✗
Azure	microsoft_azure_entra_id_token	✗	✓	✓	✓	✗
Azure	microsoft_corporate_network_user_credential	✓	✓	✗	✗	✗
Baidu	baiducloud_api_accesskey	✓	✓	✓	✗	✗
Beamer	beamer_api_key	✗	✓	✓	✗	✗
Bitbucket	bitbucket_server_personal_access_token	✗	✓	✓	✗	✗
Bitrise	bitrise_personal_access_token	✓	✓	✓	✓	✗
Bitrise	bitrise_workspace_api_token	✓	✓	✓	✓	✗
Block Protocol	block_protocol_api_key	✗	✓	✗	✓	✗
Brevo	sendinblue_api_key Token versions	✓	✓	✓	✓	✓
Brevo	sendinblue_smtp_key	✓	✓	✓	✗	✗
Buildkite	buildkite_agent_access_token	✓	✓	✓	✗	✗
Buildkite	buildkite_agent_job_token	✓	✓	✓	✗	✗
Buildkite	buildkite_agent_registration_token	✓	✓	✓	✗	✗
Buildkite	buildkite_cluster_queue_token	✓	✓	✓	✗	✗
Buildkite	buildkite_cluster_token	✓	✓	✓	✗	✗
Buildkite	buildkite_packages_registry_token	✓	✓	✓	✗	✗
Buildkite	buildkite_packages_temporary_token	✓	✓	✓	✗	✗
Buildkite	buildkite_portal_secret	✓	✓	✓	✗	✗
Buildkite	buildkite_portal_token	✓	✓	✓	✗	✗
Buildkite	buildkite_user_access_token	✓	✓	✗	✗	✗
Canadian Digital Service	cds_canada_notify_api_key	✓	✓	✓	✓	✗
Canva	canva_app_secret	✓	✓	✓	✗	✗
Canva	canva_connect_api_secret	✓	✓	✓	✗	✗
Canva	canva_secret	✓	✓	✓	✗	✗
Cashfree	cashfree_api_key	✓	✓	✓	✗	✗
Cfx.re	cfxre_server_key	✓	✓	✗	✗	✗
Checkout.com	checkout_production_secret_key Token versions	✓	✓	✓	✓	✗
Checkout.com	checkout_test_secret_key Token versions	✓	✓	✓	✓	✗
Chief Tools	chief_tools_token	✓	✓	✓	✗	✗
CircleCI	circleci_bot_access_token	✓	✓	✓	✗	✗
CircleCI	circleci_personal_access_token	✓	✓	✓	✓	✗
CircleCI	circleci_project_access_token	✓	✓	✓	✗	✗
CircleCI	circleci_release_integration_token	✓	✓	✓	✗	✗
Clojars	clojars_deploy_token	✓	✓	✓	✗	✗
CloudBees	codeship_credential	✓	✗	✗	✗	✗
Cockroach Labs	ccdb_api_key	✓	✓	✗	✓	✗
Cohere	cohere_api_key	✗	✓	✗	✗	✗
Contentful	contentful_personal_access_token	✓	✓	✓	✓	✗
Contentful	contentful_web_token	✓	✓	✓	✗	✗
Contributed Systems	contributed_systems_credentials	✓	✗	✗	✗	✗
Coveo	coveo_access_token	✓	✗	✗	✗	✗
Coveo	coveo_api_key	✓	✗	✗	✗	✗
crates.io	cratesio_api_token Token versions	✓	✓	✓	✗	✗
Databento	databento_api_key	✓	✓	✗	✓	✗
Databricks	databricks_access_token Token versions	✓	✓	✓	✗	✓
Databricks	databricks_account_session_token	✓	✓	✗	✗	✗
Databricks	databricks_federated_account_session_token	✓	✓	✗	✗	✗
Databricks	databricks_oauth_code	✓	✓	✓	✗	✗
Databricks	databricks_oauth_refresh_token	✓	✓	✓	✗	✗
Databricks	databricks_oauth_secret_token	✓	✓	✗	✗	✗
Databricks	databricks_oauth_single_use_refresh_token_child	✓	✓	✓	✗	✗
Databricks	databricks_oauth_single_use_refresh_token_parent	✓	✓	✓	✗	✗
Databricks	databricks_scoped_api_token	✓	✓	✗	✗	✗
Databricks	databricks_scoped_internal_token	✓	✓	✗	✗	✗
Databricks	databricks_token	✓	✓	✓	✗	✗
Databricks	databricks_workspace_session_token	✓	✓	✗	✗	✗
Datadog	datadog_api_key	✓	✗	✗	✗	✗
Datadog	datadog_app_key	✓	✗	✗	✗	✗
Datadog	datadog_rcm	✗	✓	✗	✗	✗
Datastax	datastax_astracs_token	✓	✓	✓	✗	✗
DeepSeek	deepseek_api_key	✗	✓	✗	✗	✗
Defined Networking	defined_networking_nebula_api_key	✓	✓	✓	✓	✗
DevCycle	devcycle_client_api_key	✓	✓	✓	✗	✗
DevCycle	devcycle_mobile_api_key	✓	✓	✓	✗	✗
DevCycle	devcycle_server_api_key	✓	✓	✓	✗	✗
DigitalOcean	digitalocean_oauth_token	✓	✓	✓	✓	✗
DigitalOcean	digitalocean_personal_access_token	✓	✓	✓	✓	✗
DigitalOcean	digitalocean_refresh_token	✓	✓	✓	✗	✗
DigitalOcean	digitalocean_system_token	✓	✓	✓	✗	✗
Discord	discord_bot_token Token versions	✓	✓	✓	✓	✗
Docker	docker_organization_access_token	✓	✓	✓	✗	✗
Docker	docker_personal_access_token	✓	✓	✓	✗	✗
Docker	docker_swarm_join_token	✗	✓	✗	✗	✗
Docker	docker_swarm_unlock_key	✗	✓	✗	✗	✗
Doppler	doppler_audit_token	✓	✓	✓	✓	✗
Doppler	doppler_cli_token	✓	✓	✓	✓	✗
Doppler	doppler_personal_token	✓	✓	✓	✓	✗
Doppler	doppler_scim_token	✓	✓	✓	✓	✗
Doppler	doppler_service_account_token	✓	✓	✓	✓	✗
Doppler	doppler_service_token	✓	✓	✓	✓	✗
Dropbox	dropbox_access_token	✓	✓	✓	✓	✗
Dropbox	dropbox_short_lived_access_token	✓	✓	✓	✓	✗
Duffel	duffel_live_access_token	✗	✓	✓	✓	✗
Duffel	duffel_test_access_token	✗	✓	✓	✓	✗
Dynatrace	dynatrace_api_token	✓	✓	✓	✗	✗
Dynatrace	dynatrace_internal_token	✓	✓	✓	✗	✗
EasyPost	easypost_production_api_key	✗	✓	✓	✗	✗
EasyPost	easypost_test_api_key	✗	✓	✗	✗	✗
eBay	ebay_production_client_id, ebay_production_client_secret	✗	✓	✓	✗	✗
eBay	ebay_sandbox_client_id, ebay_sandbox_client_secret	✗	✓	✓	✗	✗
Elastic	elastic_cloud_api_key	✗	✓	✓	✗	✗
Facebook	facebook_access_token	✓	✓	✓	✓	✗
Fastly	fastly_api_token Token versions	✓	✓	✗	✓	✗
Figma	figma_pat	✓	✓	✓	✓	✗
Finicity	finicity_app_key	✓	✓	✓	✗	✗
Firebase	firebase_cloud_messaging_server_key	✗	✓	✗	✗	✗
Flutterwave	flutterwave_live_api_secret_key	✗	✓	✓	✓	✗
Flutterwave	flutterwave_test_api_secret_key	✗	✓	✗	✓	✗
Frame.io	frameio_developer_token	✓	✓	✓	✓	✗
Frame.io	frameio_jwt	✓	✓	✓	✓	✗
FullStory	fullstory_api_key Token versions	✓	✓	✓	✓	✗
GitHub	github_app_installation_access_token Token versions	✓	✓	✓	✓	✓
GitHub	github_oauth_access_token Token versions	✓	✓	✓	✓	✓
GitHub	github_personal_access_token Token versions	✓	✓	✓	✓	✓
GitHub	github_refresh_token Token versions	✓	✓	✓	✓	✓
GitHub	github_ssh_private_key	✓	✓	✓	✓	✗
GitHub	github_test_token	✓	✓	✗	✗	✗
GitLab	gitlab_access_token Token versions	✗	✓	✓	✓	✓
GoCardless	gocardless_live_access_token	✓	✓	✗	✓	✗
GoCardless	gocardless_sandbox_access_token	✓	✓	✗	✓	✗
Google	google_api_key	✓	✓	✗	✓	✗
Google	google_cloud_service_account_credentials	✓	✓	✓	✓	✗
Google	google_cloud_storage_access_key_secret, google_cloud_storage_service_account_access_key_id	✓	✓	✓	✗	✗
Google	google_cloud_storage_access_key_secret, google_cloud_storage_user_access_key_id	✓	✓	✓	✗	✗
Google	google_gcp_api_key_bound_service_account	✓	✓	✗	✗	✗
Google	google_gemini_api_key	✗	✓	✗	✗	✗
Google	google_oauth_access_token	✓	✓	✓	✓	✗
Google	google_oauth_client_id, google_oauth_client_secret Token versions	✓	✓	✓	✗	✓
Google	google_oauth_refresh_token Token versions	✓	✓	✓	✗	✓
Grafana	grafana_cloud_api_key	✓	✓	✓	✓	✗
Grafana	grafana_cloud_api_token	✓	✓	✓	✓	✗
Grafana	grafana_project_api_key	✓	✓	✓	✗	✗
Grafana	grafana_project_service_account_token	✓	✓	✓	✗	✗
Groq	groq_api_key Token versions	✓	✓	✓	✓	✓
GuardSquare	guardsquare_appsweep_api_key	✓	✓	✓	✗	✗
GuardSquare	guardsquare_cli_access_token	✓	✓	✓	✗	✗
GuardSquare	guardsquare_maven_token	✓	✓	✓	✗	✗
HashiCorp	hashicorp_vault_batch_token Token versions	✗	✓	✓	✗	✗
HashiCorp	hashicorp_vault_root_service_token	✗	✓	✓	✗	✗
HashiCorp	hashicorp_vault_service_token Token versions	✗	✓	✓	✗	✗
HashiCorp	terraform_api_token	✓	✓	✓	✓	✗
hCaptcha	hcaptcha_siteverify_secret	✗	✓	✓	✗	✗
Heroku	heroku_platform_api_oauth2_token	✗	✓	✓	✓	✗
Heroku	heroku_postgres_connection_url	✗	✓	✓	✗	✗
Highnote	highnote_rk_live_key	✓	✓	✓	✗	✗
Highnote	highnote_rk_test_key	✓	✓	✓	✗	✗
Highnote	highnote_sk_live_key	✓	✓	✓	✓	✗
Highnote	highnote_sk_test_key	✓	✓	✓	✓	✗
HOP	hop_bearer	✓	✓	✓	✗	✗
HOP	hop_pat	✓	✓	✓	✗	✗
HOP	hop_ptk	✓	✓	✓	✗	✗
Hubspot	hubspot_api_key Token versions	✓	✓	✓	✗	✗
Hubspot	hubspot_personal_access_key	✓	✓	✓	✗	✗
Hubspot	hubspot_private_apps_user_token	✓	✓	✗	✗	✗
Hubspot	hubspot_smtp_credential Token versions	✓	✓	✗	✗	✗
Hugging Face	hf_org_api_key	✓	✓	✓	✗	✗
Hugging Face	hf_user_access_token Token versions	✓	✓	✓	✓	✓
IBM	ibm_cloud_iam_key	✓	✗	✗	✗	✗
Intercom	intercom_access_token	✗	✓	✓	✓	✗
Ionic	ionic_personal_access_token Token versions	✓	✓	✓	✗	✗
Ionic	ionic_refresh_token Token versions	✓	✓	✓	✗	✗
Iterative	iterative_dvc_studio_access_token	✓	✗	✗	✗	✗
JFrog	jfrog_platform_access_token	✗	✓	✓	✗	✗
JFrog	jfrog_platform_api_key	✗	✓	✓	✗	✗
JFrog	jfrog_platform_reference_token Token versions	✗	✓	✓	✗	✓
Langchain	langchain_api_personal_key	✗	✓	✓	✗	✗
Langchain	langchain_api_server_key	✗	✓	✓	✗	✗
Lark	lark_apaas_client_id, lark_apaas_client_secret	✓	✗	✗	✗	✗
Lark	lark_app_id, lark_app_secret	✓	✗	✗	✗	✗
Lark	lark_mcp_grant_token	✓	✗	✗	✗	✗
Lark	lark_meego_plugin_id, lark_meego_plugin_secret	✓	✗	✗	✗	✗
Lark	lark_user_session	✓	✓	✗	✗	✗
LaunchDarkly	launchdarkly_access_token	✓	✓	✗	✗	✗
Lichess	lichess_oauth_access_token	✓	✓	✓	✓	✗
Lichess	lichess_personal_access_token	✓	✓	✓	✓	✗
Lightspeed	lightspeed_xs_pat	✗	✓	✓	✗	✗
Limbar	limbar_token	✓	✓	✗	✗	✗
Linear	linear_api_key	✓	✓	✓	✗	✗
Linear	linear_oauth_access_token	✓	✓	✓	✗	✗
LinkedIn	linkedin_client_secret	✗	✓	✓	✗	✗
Lob	lob_live_api_key	✗	✓	✓	✓	✗
Lob	lob_test_api_key	✗	✓	✓	✓	✗
Localstack	localstack_api_key	✓	✓	✓	✗	✗
LogicMonitor	logicmonitor_bearer_token	✓	✓	✓	✗	✗
LogicMonitor	logicmonitor_lmv1_access_key	✓	✓	✓	✗	✗
Login with Amazon	amazon_oauth_client_id, amazon_oauth_client_secret	✓	✓	✓	✗	✗
Mailchimp	mailchimp_api_key	✓	✓	✓	✓	✗
Mailchimp	mandrill_api_key	✓	✗	✗	✗	✗
Mailersend	mailersend_api_token	✓	✗	✗	✗	✗
Mailersend	mailersend_smtp_password	✓	✗	✗	✗	✗
Mailersend	mailersend_smtp_username	✓	✗	✗	✗	✗
Mailgun	mailgun_api_key Token versions	✓	✓	✓	✓	✗
Mailgun	mailgun_smtp_credential	✓	✗	✗	✗	✗
Mapbox	mapbox_secret_access_token	✗	✓	✓	✓	✗
MaxMind	maxmind_license_key	✓	✓	✓	✓	✗
Mercury	mercury_non_production_api_token	✓	✓	✓	✓	✗
Mercury	mercury_production_api_token	✓	✓	✓	✓	✗
Mergify	mergify_application_key	✓	✓	✓	✗	✗
MessageBird	messagebird_api_key	✓	✓	✓	✗	✗
Microsoft	power_automate_webhook_sas	✓	✗	✗	✗	✗
Midtrans	midtrans_production_server_key	✗	✓	✓	✓	✗
Midtrans	midtrans_sandbox_server_key	✗	✓	✗	✓	✗
Mistral AI	mistral_ai_api_key	✗	✓	✗	✗	✗
MongoDB	mongodb_atlas_db_uri_with_credentials	✓	✓	✗	✓	✗
MongoDB	mongodb_atlas_service_account_secret	✓	✓	✓	✗	✗
Naver Cloud	navercloud_gov_access_key	✓	✓	✓	✗	✗
Naver Cloud	navercloud_gov_access_key_secret	✓	✓	✓	✗	✗
Naver Cloud	navercloud_gov_sts	✓	✓	✓	✗	✗
Naver Cloud	navercloud_gov_sts_secret	✓	✓	✓	✗	✗
Naver Cloud	navercloud_pub_access_key	✓	✓	✓	✗	✗
Naver Cloud	navercloud_pub_access_key_secret	✓	✓	✓	✗	✗
Naver Cloud	navercloud_pub_sts	✓	✓	✓	✗	✗
Naver Cloud	navercloud_pub_sts_secret	✓	✓	✓	✗	✗
Neon	neon_api_key	✓	✗	✗	✗	✗
Neon	neon_connection_uri	✓	✗	✗	✗	✗
Netflix	netflix_netkey	✓	✓	✗	✗	✗
New Relic	new_relic_insights_query_key	✗	✓	✓	✗	✗
New Relic	new_relic_license_key	✗	✓	✗	✗	✗
New Relic	new_relic_personal_api_key	✗	✓	✓	✗	✗
New Relic	new_relic_rest_api_key	✗	✓	✓	✗	✗
Notion	notion_api_token	✓	✓	✓	✓	✗
Notion	notion_integration_token	✗	✓	✓	✓	✗
Notion	notion_oauth_client_secret	✗	✓	✓	✗	✗
npm	npm_access_token Token versions	✓	✓	✓	✗	✗
NuGet	nuget_api_key Token versions	✓	✓	✓	✓	✗
Octopus Deploy	octopus_deploy_api_key	✓	✓	✓	✗	✗
Oculus	oculus_access_token	✗	✓	✓	✗	✗
OneChronos	onechronos_api_key	✗	✓	✓	✗	✗
OneChronos	onechronos_eb_api_key	✗	✓	✓	✗	✗
OneChronos	onechronos_eb_encryption_key	✗	✓	✓	✗	✗
OneChronos	onechronos_oauth_token	✗	✓	✓	✗	✗
OneChronos	onechronos_refresh_token	✗	✓	✓	✗	✗
OneSignal	onesignal_rich_authentication_token	✓	✓	✗	✗	✗
Onfido	onfido_live_api_token	✓	✓	✓	✓	✗
Onfido	onfido_sandbox_api_token	✓	✓	✓	✓	✗
OpenAI	openai_api_key Token versions	✓	✓	✓	✓	✗
OpenRouter	openrouter_api_key	✓	✓	✗	✓	✗
OpenVSX	openvsx_access_token Token versions	✗	✓	✗	✗	✗
Openweather	openweather_api_key	✗	✓	✗	✗	✗
Oracle	oracle_api_key	✓	✗	✗	✗	✗
Orbit	orbit_api_token	✗	✓	✓	✗	✗
Paddle	paddle_api_key	✓	✓	✓	✗	✗
Paddle	paddle_sandbox_api_key	✓	✓	✓	✗	✗
PagerDuty	pagerduty_oauth_secret	✗	✓	✓	✗	✗
PagerDuty	pagerduty_oauth_token	✗	✓	✓	✗	✗
Palantir	palantir_jwt	✓	✓	✓	✗	✗
Pangea	pangea_token	✗	✓	✓	✗	✗
Perplexity	perplexity_api_key	✗	✓	✓	✗	✗
Persona Identities	persona_production_api_key	✓	✓	✓	✓	✗
Persona Identities	persona_sandbox_api_key	✓	✓	✓	✓	✗
Pineapple Technologies Limited	pineapple_technologies_incident_api_key	✓	✓	✓	✗	✗
Pinecone	pinecone_api_key, pinecone_environment	✗	✓	✓	✗	✗
Pinterest	pinterest_access_token	✓	✓	✓	✗	✗
Pinterest	pinterest_refresh_token	✓	✓	✓	✗	✗
PlanetScale	planetscale_database_password	✓	✓	✓	✗	✗
PlanetScale	planetscale_oauth_token	✓	✓	✓	✗	✗
PlanetScale	planetscale_service_token	✓	✓	✓	✗	✗
Planning Center	planning_center_oauth_access_token	✓	✓	✓	✓	✗
Planning Center	planning_center_oauth_app_secret	✓	✓	✓	✗	✗
Planning Center	planning_center_personal_access_token	✓	✓	✓	✗	✗
Plivo	plivo_auth_id, plivo_auth_token	✓	✓	✓	✗	✗
Polar	polar_access_token Token versions	✓	✓	✓	✓	✗
Polar	polar_authorization_code Token versions	✓	✓	✓	✗	✗
Polar	polar_client_registration_token Token versions	✓	✓	✓	✗	✗
Polar	polar_client_secret Token versions	✓	✓	✓	✗	✗
Polar	polar_customer_session_token	✓	✓	✓	✗	✗
Polar	polar_personal_access_token Token versions	✓	✓	✓	✗	✗
Polar	polar_refresh_token Token versions	✓	✓	✓	✗	✗
Polar	polar_user_session_token	✓	✓	✓	✗	✗
PostHog	posthog_feature_flags_secure_api_key	✓	✓	✗	✗	✗
PostHog	posthog_personal_api_key	✓	✓	✗	✗	✗
Postman	postman_api_key	✓	✓	✓	✓	✗
Postman	postman_collection_key	✓	✓	✓	✓	✗
Prefect	prefect_server_api_key	✓	✓	✓	✗	✗
Prefect	prefect_user_api_key	✓	✓	✓	✗	✗
Proctorio	proctorio_consumer_key	✓	✓	✗	✗	✗
Proctorio	proctorio_linkage_key	✓	✓	✗	✗	✗
Proctorio	proctorio_registration_key	✓	✓	✗	✗	✗
Proctorio	proctorio_secret_key Token versions	✓	✓	✓	✗	✗
Proof	proof_full_access_api_key	✓	✓	✗	✗	✗
Pulumi	pulumi_access_token	✓	✓	✓	✓	✗
PyPI	pypi_api_token	✓	✓	✓	✗	✗
Rainforest Pay	rainforest_api_key	✓	✓	✓	✗	✗
Rainforest Pay	rainforest_sandbox_api_key	✓	✓	✗	✗	✗
Ramp	ramp_client_id	✓	✓	✓	✗	✗
Ramp	ramp_client_secret	✓	✓	✓	✗	✗
Ramp	ramp_oauth_token	✓	✓	✗	✗	✗
Raycast	raycast_access_token	✓	✓	✓	✗	✗
ReadMe	readmeio_api_access_token	✓	✓	✓	✓	✗
redirect.pizza	redirect_pizza_api_token	✓	✓	✓	✓	✗
Replicate	replicate_api_token	✓	✓	✓	✓	✗
Rootly	rootly_api_key	✗	✓	✓	✓	✗
RubyGems	rubygems_api_key	✓	✓	✓	✓	✗
RunPod	runpod_api_key	✓	✓	✓	✓	✗
Salesforce	salesforce_access_token	✗	✓	✓	✗	✗
Salesforce	salesforce_oauth2_consumer_key, salesforce_oauth2_consumer_secret	✗	✓	✓	✗	✗
Salesforce	salesforce_refresh_token	✗	✓	✓	✗	✗
Samsara	samsara_api_token	✓	✓	✓	✗	✗
Samsara	samsara_oauth_access_token	✓	✓	✓	✗	✗
Scalr	scalr_api_token	✓	✓	✓	✓	✗
Segment	segment_public_api_token	✓	✓	✓	✓	✗
SendGrid	sendgrid_api_key	✓	✓	✓	✓	✗
Sentry	sentry_integration_token	✗	✓	✓	✗	✗
Sentry	sentry_organization_token	✓	✓	✓	✗	✗
Sentry	sentry_personal_token	✓	✓	✓	✓	✗
Sentry	sentry_user_app_auth_token	✗	✓	✓	✗	✗
Shippo	shippo_live_api_token	✗	✓	✓	✗	✗
Shippo	shippo_test_api_token	✗	✓	✓	✗	✗
Shopee	shopee_open_platform_partner_key	✓	✓	✓	✗	✗
Shopify	shopify_access_token	✓	✓	✓	✗	✗
Shopify	shopify_app_client_credentials	✓	✓	✓	✗	✗
Shopify	shopify_app_client_secret	✓	✓	✓	✗	✗
Shopify	shopify_app_shared_secret	✓	✓	✓	✗	✗
Shopify	shopify_custom_app_access_token	✓	✓	✓	✗	✗
Shopify	shopify_marketplace_token	✓	✓	✗	✗	✗
Shopify	shopify_merchant_token	✓	✓	✓	✗	✗
Shopify	shopify_partner_api_token	✓	✓	✓	✗	✗
Shopify	shopify_private_app_password	✓	✓	✓	✗	✗
Siemens	siemens_api_token	✓	✓	✓	✓	✗
Siemens	siemens_code_token	✓	✗	✗	✗	✗
Sindri	sindri_api_key Token versions	✓	✓	✗	✓	✗
Slack	slack_api_token Token versions	✓	✓	✓	✓	✗
Slack	slack_incoming_webhook_url	✓	✓	✓	✓	✗
Slack	slack_workflow_webhook_url	✓	✓	✓	✗	✗
Snowflake	snowflake_postgres_connection_string	✓	✓	✓	✗	✗
Snowflake	snowflake_postgres_host, snowflake_postgres_password	✓	✓	✓	✗	✗
Snowflake	snowflake_programmatic_access_token	✓	✓	✓	✗	✗
Sourcegraph	sourcegraph_access_token	✓	✓	✗	✓	✗
Sourcegraph	sourcegraph_dotcom_user_gateway	✓	✓	✓	✗	✗
Sourcegraph	sourcegraph_instance_identifier_access_token	✓	✓	✗	✓	✗
Sourcegraph	sourcegraph_license_key_token	✓	✓	✓	✗	✗
Sourcegraph	sourcegraph_product_subscription_token	✓	✓	✗	✗	✗
Square	square_access_token Token versions	✗	✓	✓	✓	✗
Square	square_production_application_secret	✗	✓	✓	✗	✗
Square	square_sandbox_application_secret	✗	✓	✓	✗	✗
SSLMate	sslmate_api_key Token versions	✓	✓	✓	✓	✗
SSLMate	sslmate_cluster_secret	✓	✓	✓	✗	✗
Stripe	stripe_api_key	✓	✓	✓	✓	✗
Stripe	stripe_legacy_api_key	✓	✗	✗	✗	✗
Stripe	stripe_live_restricted_key	✓	✓	✓	✗	✗
Stripe	stripe_test_restricted_key	✓	✓	✓	✗	✗
Stripe	stripe_test_secret_key	✓	✓	✓	✓	✗
Stripe	stripe_webhook_signing_secret	✓	✓	✗	✗	✗
Supabase	supabase_personal_access_token	✓	✓	✗	✗	✗
Supabase	supabase_secret_key	✓	✓	✗	✗	✗
Supabase	supabase_service_key Token versions	✓	✓	✗	✗	✗
Tableau	tableau_personal_access_token	✗	✓	✓	✗	✗
Tailscale	tailscale_api_key	✓	✓	✗	✓	✗
Telegram	telegram_bot_token	✗	✓	✗	✓	✗
Telnyx	telnyx_api_v2_key	✓	✓	✓	✓	✗
Temporal	temporal_cloud_api_key	✓	✓	✓	✗	✗
Tencent	tencent_cloud_intl_access_token	✓	✓	✗	✗	✗
Tencent	tencent_cloud_secret_id	✓	✓	✓	✗	✗
Tencent	tencent_wechat_api_app_id	✓	✓	✗	✗	✗
Tencent	tencent_wechat_pay_token	✗	✓	✗	✗	✗
Thunderstore	thunderstore_io_api_token	✗	✓	✓	✗	✗
Twilio	twilio_access_token	✗	✓	✓	✗	✗
Twilio	twilio_account_sid Token versions	✓	✓	✓	✗	✓
Twilio	twilio_api_key	✓	✓	✓	✗	✗
Typeform	typeform_personal_access_token	✓	✓	✓	✓	✗
Uniwise	wiseflow_api_key	✓	✓	✓	✓	✗
Unkey	unkey_root_key	✓	✓	✗	✓	✗
Val Town	val_town_api_token	✓	✓	✓	✓	✗
Vercel	vercel_api_key	✓	✓	✓	✗	✗
Vercel	vercel_app_refresh_token	✓	✓	✗	✗	✗
Vercel	vercel_app_user_access_token	✓	✓	✗	✗	✗
Vercel	vercel_integration_access_token	✓	✓	✓	✗	✗
Vercel	vercel_personal_access_token	✓	✓	✓	✗	✗
Vercel	vercel_support_access_token	✓	✓	✓	✗	✗
VolcEngine	volcengine_access_key_id	✓	✓	✓	✗	✗
Wakatime	wakatime_api_key	✓	✓	✓	✓	✗
Wakatime	wakatime_app_secret	✓	✓	✓	✗	✗
Wakatime	wakatime_oauth_access_token	✓	✓	✓	✓	✗
Wakatime	wakatime_oauth_refresh_token	✓	✓	✓	✗	✗
Weights & Biases	wandb_api_key	✗	✓	✓	✗	✗
Workato	workato_developer_api_token Token versions	✓	✓	✓	✓	✗
WorkOS	workos_production_api_key Token versions	✓	✓	✓	✗	✗
WorkOS	workos_staging_api_key Token versions	✓	✓	✓	✗	✗
WSO2	wso2_choreo_personal_access_token	✓	✓	✓	✗	✗
xAI	xai_api_key	✓	✓	✓	✓	✗
Yandex	yandex_cloud_api_key	✓	✓	✓	✓	✗
Yandex	yandex_cloud_iam_access_secret	✓	✓	✓	✗	✗
Yandex	yandex_cloud_iam_cookie	✓	✓	✓	✗	✗
Yandex	yandex_cloud_iam_token	✓	✓	✓	✓	✗
Yandex	yandex_cloud_smartcaptcha_server_key	✓	✓	✓	✗	✗
Yandex	yandex_dictionary_api_key	✗	✓	✓	✗	✗
Yandex	yandex_passport_oauth_token	✓	✓	✓	✓	✗
Yandex	yandex_predictor_api_key	✗	✓	✓	✗	✗
Yandex	yandex_translate_api_key	✗	✓	✓	✓	✗
ZenHub	zenhub_personal_api_key	✗	✓	✓	✗	✗
Zuplo	zuplo_consumer_api_key	✓	✓	✓	✓	✗

令牌版本

服务提供商会更新用于定期生成令牌的模式，并且可能支持多个版本的令牌。推送保护仅支持 secret scanning 能够可靠识别的最新令牌版本。这样可以避免在结果可能是误报时，不必要地阻止提交推送保护，这种情况在使用旧令牌时更有可能发生。

多部分机密

默认情况下，secret scanning支持对成对匹配的访问密钥和密钥 ID 进行验证。

Secret scanning还支持对 Amazon AWS 访问密钥 ID 的单个密钥 ID 以及现有成对匹配进行验证。

如果secret scanning确认密钥 ID 存在，无论是否找到相应的访问密钥，此密钥 ID 都将显示为活动状态。如果此密钥 ID 无效（例如，如果它不是真正的密钥 ID），则它将显示为 inactive。

找到有效对时，将链接secret scanning警报。

延伸阅读

        [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts)

        [AUTOTITLE](/code-security/secret-scanning/secret-scanning-partnership-program/secret-scanning-partner-program)

        [AUTOTITLE](/code-security/getting-started/securing-your-repository)

        [AUTOTITLE](/authentication/keeping-your-account-and-data-secure)