Concepts for secret security

Learn core concepts for GitHub's secret security features.

About secret scanning

GitHub scans repositories for known types of secrets, to prevent fraudulent use of secrets that were committed accidentally.

About push protection

Push protection blocks contributors from pushing secrets to a repository and generates an alert whenever a contributor bypasses the block. Push protection can be applied at the repository, organization, and user account level.

About secret security with GitHub

Learn how GitHub's security tools can help you identify, remediate, and prevent secret leaks.

About secret scanning alerts

Learn about the different types of secret scanning alerts.

About delegated bypass for push protection

You can control which teams or roles have the ability to bypass push protection in your organization or repository.

About secret scanning for partners

When secret scanning detects authentication details for a service provider in a public repository on GitHub, an alert is sent directly to the provider. This allows service providers who are GitHub partners to promptly take action to secure their systems.

Working with push protection and the GitHub MCP server

Learn how you are protected from leaking secrets during interactions with the GitHub MCP server, and how to bypass a push protection block if you need to.

Working with push protection from the REST API

Learn your options for unblocking your push to GitHub using the REST API if secret scanning detects a secret in the content of your API request.