Acerca de los patrones de secret scanning
Para obtener información detallada sobre cada tipo de alerta, consulte Acerca de las alertas de examen de secretos.
Para obtener más información sobre todos los patrones admitidos, consulte la sección Secretos admitidos a continuación.
Si usa la API REST para el secret scanning, puede usar Secret type para informar sobre secretos de emisores específicos. Para más información, consulta Puntos de conexión de la API REST para el examen de secretos.
Si cree que secret scanning debería haber detectado un secreto confirmado en el repositorio y no lo ha hecho, primero debe comprobar que GitHub admite el secreto. Para obtener más información, consulte las secciones siguientes. Para obtener más información sobre la solución avanzada de problemas, consulte Ámbito de detección de escaneo de secretos.
Secretos admitidos
En las tablas se enumeran los secretos admitidos por secret scanning para cada tipo de secreto. La información de las tablas puede incluir estos datos:
-
**Proveedor:** nombre del proveedor de tokens. -
**Partner:** token para el que se notifican fugas al partner de token correspondiente. Se aplica a repositorios públicos y a todos los gists, incluidos los gists secretos. Los gists secretos no son privados y cualquier persona con la dirección URL puede acceder a ellos. Consulte [Acerca de los gists](/get-started/writing-on-github/editing-and-sharing-content-with-gists/creating-gists#about-gists). -
**Usuario:** token para el que se notifican fugas a los usuarios en GitHub.- Se aplica a repositorios públicos y a repositorios privados donde GitHub Secret Protection y secret scanning están habilitados.
- Incluye tokens predeterminados, que se relacionan con patrones admitidos y patrones personalizados especificados, así como tokens que no son de proveedor, como claves privadas, que suelen tener una relación mayor de falsos positivos.
- Para que secret scanning busque patrones que no son de proveedor, la detección de patrones que no son de proveedor debe estar habilitada para el repositorio o la organización. Para más información, consulta Activar el escaneo de secretos para tu repositorio.
-
**Protección contra inserción:** token para el que se notifican fugas a los usuarios en GitHub. Se a los repositorios con secret scanning y protección de inserción habilitada. -
**Comprobación de validez:** token para el que se implementa una comprobación de validez. Para los tokens de asociado, GitHub envía el token al asociado correspondiente. Ten en cuenta que no todos los asociados tienen su sede en Estados Unidos. Para obtener más información, consulte [Advanced Security](/free-pro-team@latest/site-policy/github-terms/github-terms-for-additional-products-and-features#advanced-security) en la documentación de la directiva de sitio. -
**Comprobación de metadatos:** Token para el que están disponibles los metadatos extendidos, lo que proporciona contexto adicional sobre el secreto detectado. -
**Base64:** Token para el que se admiten las versiones codificadas en Base64.
Patrones que no son de proveedor
Los niveles de precisión se calculan en función de las tasas típicas de falsos positivos del tipo de patrón.
| Provider | Token | Description | Precisión |
|---|---|---|---|
| Genérico | clave_privada_ec | Claves privadas de curva elíptica (EC) usadas para operaciones criptográficas | High |
| Genérico | clave_privada_genérica | Claves privadas criptográficas con -----BEGIN PRIVATE KEY----- encabezado | High |
| Genérico | http_basic_authentication_header | Credenciales de autenticación básica HTTP en encabezados de solicitud | Media |
| Genérico | http_bearer_authentication_header | Tokens de portador HTTP usados para la autenticación de API | Media |
| Genérico | mongodb_connection_string | Cadenas de conexión para bases de datos de MongoDB que contienen credenciales | High |
| Genérico | mysql_connection_url | Cadenas de conexión para bases de datos MySQL que contienen credenciales | High |
| Genérico | openssh_private_key | Claves privadas de formato OpenSSH usadas para la autenticación SSH | High |
| Genérico | pgp_private_key | Claves privadas de PGP (bastante buena privacidad) usadas para el cifrado y la firma | High |
| Genérico | postgres_connection_string | Cadenas de conexión para bases de datos postgreSQL que contienen credenciales | High |
| Genérico | rsa_private_key | Claves privadas RSA usadas para operaciones criptográficas | High |
Nota:
**No se admiten** comprobaciones de validez para patrones que no son de proveedor.
Escaneo secreto de Copilot
Secret scanning usa Copilot para detectar contraseñas genéricas. Consulta Detección responsable de secretos genéricos con el análisis de secretos de Copilot.
| Provider | Token |
|---|---|
| Genérico | contraseña |
Nota:
No se admiten comprobaciones de validez ni protección de inserción para contraseñas.
Patrones predeterminados
Nota:
Las comprobaciones de validez y metadatos extendidos solo están disponibles para los usuarios con GitHub Team o GitHub Enterprise que activan esta función como parte de GitHub Secret Protection.
| Provider | Token | Partner | Usuario | Protección contra el envío de cambios | Comprobación de validez | Comprobación de metadatos | Base64 |
|---|---|---|---|---|---|---|---|
| 1Password | 1password_service_account_token | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Adafruit | adafruit_io_key | ✓ | ✓ | ✓ | ✓ | ✓ | ✗ |
| Adobe | adobe_client_secret | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Adobe | adobe_device_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Adobe | adobe_pac_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Adobe | adobe_refresh_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Adobe | adobe_service_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Adobe | adobe_short_lived_access_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Aikido | aikido_api_client_secret | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Aikido | aikido_ci_scanning_token | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Airtable | airtable_api_key | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Airtable | airtable_personal_access_token | ✗ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Aiven | aiven_auth_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Aiven | aiven_service_password | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Alibaba | alibaba_cloud_access_key_id, alibaba_cloud_access_key_secret | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Amazon AWS | aws_access_key_id, aws_secret_access_key Token versions | ✓ | ✓ | ✓ | ✓ | ✗ | ✓ |
| Amazon AWS | aws_api_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Amazon AWS | aws_secret_access_key, aws_session_token, aws_temporary_access_key_id | ✗ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Anthropic | anthropic_admin_api_key | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Anthropic | anthropic_api_key Token versions | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Anthropic | anthropic_session_id | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Apify | apify_actor_run_api_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Apify | apify_actor_run_proxy_password | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Apify | apify_api_token | ✓ | ✓ | ✓ | ✓ | ✓ | ✗ |
| Apify | apify_integration_api_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Apify | apify_proxy_password | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Apify | apify_ui_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Apify | apify_webhook_dispatch_api_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Asaas | asaas_api_token | ✓ | ✓ | ✗ | ✓ | ✗ | ✗ |
| Asana | asana_legacy_format_personal_access_token | ✗ | ✓ | ✗ | ✗ | ✗ | ✗ |
| Asana | asana_personal_access_token Token versions | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Atlassian | atlassian_api_token Token versions | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Atlassian | atlassian_jwt | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Authress | authress_service_client_access_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_active_directory_application_id, azure_active_directory_application_secret | ✗ | ✓ | ✗ | ✗ | ✗ | ✗ |
| Azure | azure_active_directory_application_secret Token versions | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_active_directory_user_credential | ✓ | ✓ | ✗ | ✗ | ✗ | ✗ |
| Azure | azure_ai_services_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_anomaly_detector_ee_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_anomaly_detector_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_apim_direct_management_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_apim_gateway_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_apim_repository_key | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_apim_subscription_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_app_configuration_connection_string | ✗ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_app_configuration_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_batch_key_identifiable Token versions | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_cache_for_redis_access_key Token versions | ✓ | ✓ | ✓ | ✗ | ✗ | ✓ |
| Azure | azure_cognitive_services_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_communication_services_connection_string | ✗ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_communication_services_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_computer_vision_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_container_registry_key_identifiable | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_content_moderator_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_content_safety_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_cosmosdb_key_identifiable Token versions | ✓ | ✓ | ✓ | ✗ | ✗ | ✓ |
| Azure | azure_custom_vision_prediction_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_custom_vision_training_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_devops_personal_access_token Token versions | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_event_grid_key_identifiable Token versions | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_event_hub_key_identifiable | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_face_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_fluid_relay_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_form_recognizer_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_function_key Token versions | ✓ | ✓ | ✓ | ✗ | ✗ | ✓ |
| Azure | azure_health_decision_support_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_health_insights_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_immersive_reader_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_internal_all_in_one_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_iot_device_connection_string | ✗ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_iot_device_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_iot_device_provisioning_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_iot_hub_connection_string | ✗ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_iot_hub_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_iot_provisioning_connection_string | ✗ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_knowledge_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_logic_apps_url Token versions | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ |
| Azure | azure_luis_authoring_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_luis_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_management_certificate | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_maps_key | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_metrics_advisor_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_mixed_reality_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_ml_inference_identifiable_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_ml_internal_service_principal_identifiable_key | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ |
| Azure | azure_ml_web_service_classic_identifiable_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_openai_key Token versions | ✓ | ✓ | ✓ | ✗ | ✗ | ✓ |
| Azure | azure_personalizer_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_qna_maker_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_qna_maker_v2_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_quantum_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_relay_key_identifiable | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_sas_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_search_admin_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_search_query_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_service_bus_identifiable | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_signalr_connection_string | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_signalr_key Token versions | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_speech_services_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_speech_translation_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_sql_connection_string | ✓ | ✓ | ✗ | ✗ | ✗ | ✗ |
| Azure | azure_sql_internal_default_cloudsa_key | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ |
| Azure | azure_sql_password | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_storage_account_key Token versions | ✓ | ✓ | ✓ | ✗ | ✗ | ✓ |
| Azure | azure_text_analytics_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_text_translation_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_video_intelligence_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_web_app_bot_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_web_pub_sub_connection_string | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_web_pub_sub_key Token versions | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Azure | microsoft_azure_entra_id_token | ✗ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Azure | microsoft_corporate_network_user_credential | ✓ | ✓ | ✗ | ✗ | ✗ | ✗ |
| Baidu | baiduai_api_key | ✓ | ✓ | ✗ | ✗ | ✗ | ✗ |
| Baidu | baiducloud_api_accesskey | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Beamer | beamer_api_key | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Bitbucket | bitbucket_server_personal_access_token | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Bitrise | bitrise_personal_access_token | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Bitrise | bitrise_workspace_api_token | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Block Protocol | block_protocol_api_key | ✗ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Brevo | sendinblue_api_key Token versions | ✓ | ✓ | ✓ | ✓ | ✗ | ✓ |
| Brevo | sendinblue_smtp_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Buildkite | buildkite_agent_access_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Buildkite | buildkite_agent_job_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Buildkite | buildkite_agent_registration_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Buildkite | buildkite_cluster_queue_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Buildkite | buildkite_cluster_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Buildkite | buildkite_packages_registry_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Buildkite | buildkite_packages_temporary_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Buildkite | buildkite_portal_secret | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Buildkite | buildkite_portal_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Buildkite | buildkite_user_access_token | ✓ | ✓ | ✗ | ✗ | ✗ | ✗ |
| Canadian Digital Service | cds_canada_notify_api_key | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Canva | canva_app_secret | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Canva | canva_connect_api_secret | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Canva | canva_secret | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Cashfree | cashfree_api_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Cfx.re | cfxre_server_key | ✓ | ✓ | ✗ | ✗ | ✗ | ✗ |
| Checkout.com | checkout_production_secret_key Token versions | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Checkout.com | checkout_test_secret_key Token versions | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Chief Tools | chief_tools_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| CircleCI | circleci_bot_access_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| CircleCI | circleci_personal_access_token | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| CircleCI | circleci_project_access_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| CircleCI | circleci_release_integration_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Clojars | clojars_deploy_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| CloudBees | codeship_credential | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ |
| Cockroach Labs | ccdb_api_key | ✓ | ✓ | ✗ | ✓ | ✗ | ✗ |
| Cohere | cohere_api_key | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Contentful | contentful_personal_access_token | ✓ | ✓ | ✓ | ✓ | ✓ | ✗ |
| Contentful | contentful_web_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Contributed Systems | contributed_systems_credentials | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ |
| Coveo | coveo_access_token | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ |
| Coveo | coveo_api_key | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ |
| crates.io | cratesio_api_token Token versions | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Databento | databento_api_key | ✓ | ✓ | ✗ | ✓ | ✗ | ✗ |
| Databricks | databricks_access_token Token versions | ✓ | ✓ | ✓ | ✗ | ✗ | ✓ |
| Databricks | databricks_account_session_token | ✓ | ✓ | ✗ | ✗ | ✗ | ✗ |
| Databricks | databricks_federated_account_session_token | ✓ | ✓ | ✗ | ✗ | ✗ | ✗ |
| Databricks | databricks_oauth_code | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Databricks | databricks_oauth_refresh_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Databricks | databricks_oauth_secret_token | ✓ | ✓ | ✗ | ✗ | ✗ | ✗ |
| Databricks | databricks_oauth_single_use_refresh_token_child | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Databricks | databricks_oauth_single_use_refresh_token_parent | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Databricks | databricks_scoped_api_token | ✓ | ✓ | ✗ | ✗ | ✗ | ✗ |
| Databricks | databricks_scoped_internal_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Databricks | databricks_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Databricks | databricks_workspace_session_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Datadog | datadog_api_key | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ |
| Datadog | datadog_app_key | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ |
| Datadog | datadog_rcm | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Datastax | datastax_astracs_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| DeepSeek | deepseek_api_key | ✗ | ✓ | ✗ | ✓ | ✗ | ✗ |
| Defined Networking | defined_networking_nebula_api_key | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| DevCycle | devcycle_client_api_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| DevCycle | devcycle_mobile_api_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| DevCycle | devcycle_server_api_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| DigitalOcean | digitalocean_oauth_token | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| DigitalOcean | digitalocean_personal_access_token | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| DigitalOcean | digitalocean_refresh_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| DigitalOcean | digitalocean_system_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Discord | discord_bot_token Token versions | ✓ | ✓ | ✓ | ✓ | ✓ | ✗ |
| Docker | docker_organization_access_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Docker | docker_personal_access_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Docker | docker_swarm_join_token | ✗ | ✓ | ✗ | ✗ | ✗ | ✗ |
| Docker | docker_swarm_unlock_key | ✗ | ✓ | ✗ | ✗ | ✗ | ✗ |
| Doppler | doppler_audit_token | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Doppler | doppler_cli_token | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Doppler | doppler_personal_token | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Doppler | doppler_scim_token | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Doppler | doppler_service_account_token | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Doppler | doppler_service_token | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Dropbox | dropbox_access_token | ✓ | ✓ | ✓ | ✓ | ✓ | ✗ |
| Dropbox | dropbox_short_lived_access_token | ✓ | ✓ | ✓ | ✓ | ✓ | ✗ |
| Duffel | duffel_live_access_token | ✗ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Duffel | duffel_test_access_token | ✗ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Dynatrace | dynatrace_api_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Dynatrace | dynatrace_internal_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| EasyPost | easypost_production_api_key | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| EasyPost | easypost_test_api_key | ✗ | ✓ | ✗ | ✗ | ✗ | ✗ |
| eBay | ebay_production_client_id, ebay_production_client_secret | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| eBay | ebay_sandbox_client_id, ebay_sandbox_client_secret | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Elastic | elastic_cloud_api_key | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| facebook_access_token | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ | |
| Fastly | fastly_api_token Token versions | ✓ | ✓ | ✓ | ✓ | ✓ | ✗ |
| Fieldguide | fieldguide_api_token | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ |
| Figma | figma_pat | ✓ | ✓ | ✓ | ✓ | ✓ | ✗ |
| Figma | figma_scim_token | ✓ | ✓ | ✗ | ✗ | ✗ | ✗ |
| Finicity | finicity_app_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Firebase | firebase_cloud_messaging_server_key | ✗ | ✓ | ✗ | ✗ | ✗ | ✗ |
| Flickr | flickr_api_key | ✗ | ✓ | ✗ | ✗ | ✗ | ✗ |
| Flutterwave | flutterwave_live_api_secret_key | ✗ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Flutterwave | flutterwave_test_api_secret_key | ✗ | ✓ | ✗ | ✓ | ✗ | ✗ |
| Frame.io | frameio_developer_token | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Frame.io | frameio_jwt | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| FullStory | fullstory_api_key Token versions | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| GitHub | github_app_installation_access_token Token versions | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| GitHub | github_oauth_access_token Token versions | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| GitHub | github_personal_access_token Token versions | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| GitHub | github_refresh_token Token versions | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| GitHub | github_ssh_private_key | ✓ | ✓ | ✓ | ✓ | ✓ | ✗ |
| GitHub | github_test_token | ✓ | ✓ | ✗ | ✗ | ✗ | ✗ |
| GitLab | gitlab_access_token Token versions | ✗ | ✓ | ✓ | ✓ | ✓ | ✓ |
| GoCardless | gocardless_live_access_token | ✓ | ✓ | ✗ | ✓ | ✗ | ✗ |
| GoCardless | gocardless_sandbox_access_token | ✓ | ✓ | ✗ | ✓ | ✗ | ✗ |
| google_api_key | ✓ | ✓ | ✗ | ✓ | ✗ | ✗ | |
| google_cloud_service_account_credentials | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ | |
| google_cloud_storage_access_key_secret, google_cloud_storage_service_account_access_key_id | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ | |
| google_cloud_storage_access_key_secret, google_cloud_storage_user_access_key_id | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ | |
| google_gcp_api_key_bound_service_account | ✓ | ✓ | ✗ | ✗ | ✗ | ✗ | |
| google_gemini_api_key | ✗ | ✓ | ✗ | ✗ | ✗ | ✗ | |
| google_oauth_access_token | ✓ | ✓ | ✓ | ✓ | ✓ | ✗ | |
| google_oauth_client_id, google_oauth_client_secret Token versions | ✓ | ✓ | ✓ | ✗ | ✗ | ✓ | |
| google_oauth_refresh_token Token versions | ✓ | ✓ | ✓ | ✗ | ✗ | ✓ | |
| Grafana | grafana_cloud_api_key | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Grafana | grafana_cloud_api_token | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Grafana | grafana_project_api_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Grafana | grafana_project_service_account_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Groq | groq_api_key Token versions | ✓ | ✓ | ✓ | ✓ | ✗ | ✓ |
| GuardSquare | guardsquare_appsweep_api_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| GuardSquare | guardsquare_cli_access_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| GuardSquare | guardsquare_maven_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| HashiCorp | hashicorp_vault_batch_token Token versions | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| HashiCorp | hashicorp_vault_root_service_token | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| HashiCorp | hashicorp_vault_service_token Token versions | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| HashiCorp | terraform_api_token | ✓ | ✓ | ✓ | ✓ | ✓ | ✗ |
| hCaptcha | hcaptcha_siteverify_secret | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Heroku | heroku_platform_api_oauth2_token | ✗ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Heroku | heroku_postgres_connection_url | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Highnote | highnote_rk_live_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Highnote | highnote_rk_test_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Highnote | highnote_sk_live_key | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Highnote | highnote_sk_test_key | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| HOP | hop_bearer | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| HOP | hop_pat | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| HOP | hop_ptk | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Hubspot | hubspot_api_key Token versions | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Hubspot | hubspot_personal_access_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Hubspot | hubspot_private_apps_user_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Hubspot | hubspot_smtp_credential Token versions | ✓ | ✓ | ✗ | ✗ | ✗ | ✗ |
| Hugging Face | hf_org_api_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Hugging Face | hf_user_access_token Token versions | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| IBM | ibm_cloud_iam_key | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ |
| Intercom | intercom_access_token | ✗ | ✓ | ✓ | ✓ | ✓ | ✗ |
| Ionic | ionic_personal_access_token Token versions | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Ionic | ionic_refresh_token Token versions | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Iterative | iterative_dvc_studio_access_token | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ |
| JFrog | jfrog_platform_access_token | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| JFrog | jfrog_platform_api_key | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| JFrog | jfrog_platform_reference_token Token versions | ✗ | ✓ | ✓ | ✗ | ✗ | ✓ |
| Langchain | langchain_api_personal_key | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Langchain | langchain_api_server_key | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Langchain | langsmith_license_key | ✗ | ✓ | ✗ | ✗ | ✗ | ✗ |
| Langchain | langsmith_scim_bearer_token | ✗ | ✓ | ✗ | ✗ | ✗ | ✗ |
| Lark | lark_apaas_client_id, lark_apaas_client_secret | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Lark | lark_app_id, lark_app_secret | ✓ | ✓ | ✗ | ✗ | ✗ | ✗ |
| Lark | lark_mcp_grant_token | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ |
| Lark | lark_meego_plugin_id, lark_meego_plugin_secret | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Lark | lark_user_session | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| LaunchDarkly | launchdarkly_access_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Lichess | lichess_oauth_access_token | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Lichess | lichess_personal_access_token | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Lightspeed | lightspeed_xs_pat | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Limbar | limbar_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Linear | linear_api_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Linear | linear_oauth_access_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| linkedin_client_secret | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ | |
| Lob | lob_live_api_key | ✗ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Lob | lob_test_api_key | ✗ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Localstack | localstack_api_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| LogicMonitor | logicmonitor_bearer_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| LogicMonitor | logicmonitor_lmv1_access_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Login with Amazon | amazon_oauth_client_id, amazon_oauth_client_secret | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Mailchimp | mailchimp_api_key | ✓ | ✓ | ✓ | ✓ | ✓ | ✗ |
| Mailchimp | mandrill_api_key | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ |
| Mailersend | mailersend_api_token | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ |
| Mailersend | mailersend_smtp_password | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ |
| Mailersend | mailersend_smtp_username | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ |
| Mailgun | mailgun_api_key Token versions | ✓ | ✓ | ✓ | ✓ | ✓ | ✗ |
| Mailgun | mailgun_smtp_credential | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ |
| Mapbox | mapbox_secret_access_token | ✓ | ✓ | ✓ | ✓ | ✓ | ✗ |
| MaxMind | maxmind_license_key | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Mercury | mercury_non_production_api_token | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Mercury | mercury_production_api_token | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Mergify | mergify_application_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| MessageBird | messagebird_api_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Microsoft | power_automate_webhook_sas | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ |
| Midtrans | midtrans_production_server_key | ✗ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Midtrans | midtrans_sandbox_server_key | ✗ | ✓ | ✗ | ✓ | ✗ | ✗ |
| Mistral AI | mistral_ai_api_key | ✗ | ✓ | ✗ | ✗ | ✗ | ✗ |
| MongoDB | mongodb_atlas_db_uri_with_credentials | ✓ | ✓ | ✗ | ✓ | ✗ | ✗ |
| MongoDB | mongodb_atlas_service_account_secret | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Naver Cloud | navercloud_gov_access_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Naver Cloud | navercloud_gov_access_key_secret | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Naver Cloud | navercloud_gov_sts | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Naver Cloud | navercloud_gov_sts_secret | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Naver Cloud | navercloud_pub_access_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Naver Cloud | navercloud_pub_access_key_secret | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Naver Cloud | navercloud_pub_sts | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Naver Cloud | navercloud_pub_sts_secret | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Neon | neon_api_key | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ |
| Neon | neon_connection_uri | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ |
| Netflix | netflix_netkey | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| New Relic | new_relic_insights_query_key | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| New Relic | new_relic_license_key | ✗ | ✓ | ✗ | ✗ | ✗ | ✗ |
| New Relic | new_relic_personal_api_key | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| New Relic | new_relic_rest_api_key | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Notion | notion_api_token | ✓ | ✓ | ✓ | ✓ | ✓ | ✗ |
| Notion | notion_integration_token | ✗ | ✓ | ✓ | ✓ | ✓ | ✗ |
| Notion | notion_oauth_client_secret | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| npm | npm_access_token Token versions | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| NuGet | nuget_api_key Token versions | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Octopus Deploy | octopus_deploy_api_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Oculus | oculus_access_token | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| OneChronos | onechronos_api_key | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| OneChronos | onechronos_eb_api_key | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| OneChronos | onechronos_eb_encryption_key | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| OneChronos | onechronos_oauth_token | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| OneChronos | onechronos_refresh_token | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| OneSignal | onesignal_rich_authentication_token | ✓ | ✓ | ✗ | ✗ | ✗ | ✗ |
| Onfido | onfido_live_api_token | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Onfido | onfido_sandbox_api_token | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| OpenAI | openai_api_key Token versions | ✓ | ✓ | ✓ | ✓ | ✓ | ✗ |
| OpenRouter | openrouter_api_key | ✓ | ✓ | ✗ | ✓ | ✗ | ✗ |
| OpenVSX | openvsx_access_token Token versions | ✗ | ✓ | ✗ | ✗ | ✗ | ✗ |
| Openweather | openweather_api_key | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Oracle | oracle_api_key | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ |
| Orbit | orbit_api_token | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Paddle | paddle_api_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Paddle | paddle_sandbox_api_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| PagerDuty | pagerduty_oauth_secret | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| PagerDuty | pagerduty_oauth_token | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Palantir | palantir_jwt | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Pangea | pangea_token | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Perplexity | perplexity_api_key | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Persona Identities | persona_production_api_key | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Persona Identities | persona_sandbox_api_key | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Pineapple Technologies Limited | pineapple_technologies_incident_api_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Pinecone | pinecone_api_key, pinecone_environment | ✗ | ✓ | ✓ | ✓ | ✗ | ✗ |
| pinterest_access_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ | |
| pinterest_refresh_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ | |
| PlanetScale | planetscale_database_password | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| PlanetScale | planetscale_oauth_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| PlanetScale | planetscale_service_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Planning Center | planning_center_oauth_access_token | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Planning Center | planning_center_oauth_app_secret | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Planning Center | planning_center_personal_access_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Plivo | plivo_auth_id, plivo_auth_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Polar | polar_access_token Token versions | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Polar | polar_authorization_code Token versions | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Polar | polar_client_registration_token Token versions | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Polar | polar_client_secret Token versions | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Polar | polar_customer_session_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Polar | polar_personal_access_token Token versions | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Polar | polar_refresh_token Token versions | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Polar | polar_user_session_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| PostHog | posthog_feature_flags_secure_api_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| PostHog | posthog_oauth_access_token | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ |
| PostHog | posthog_oauth_refresh_token | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ |
| PostHog | posthog_personal_api_key | ✓ | ✓ | ✗ | ✗ | ✗ | ✗ |
| Postman | postman_api_key | ✓ | ✓ | ✓ | ✓ | ✓ | ✗ |
| Postman | postman_collection_key | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Prefect | prefect_server_api_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Prefect | prefect_user_api_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Proctorio | proctorio_consumer_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Proctorio | proctorio_linkage_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Proctorio | proctorio_registration_key | ✓ | ✓ | ✗ | ✗ | ✗ | ✗ |
| Proctorio | proctorio_secret_key Token versions | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Proof | proof_full_access_api_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Pulumi | pulumi_access_token | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| PyPI | pypi_api_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Rainforest Pay | rainforest_api_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Rainforest Pay | rainforest_sandbox_api_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Ramp | ramp_client_id | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Ramp | ramp_client_secret | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Ramp | ramp_oauth_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Raycast | raycast_access_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| ReadMe | readmeio_api_access_token | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| redirect.pizza | redirect_pizza_api_token | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Replicate | replicate_api_token | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Rootly | rootly_api_key | ✗ | ✓ | ✓ | ✓ | ✗ | ✗ |
| RubyGems | rubygems_api_key | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| RunPod | runpod_api_key | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Salesforce | salesforce_access_token | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Salesforce | salesforce_marketing_cloud_api_oauth2_token | ✗ | ✓ | ✗ | ✗ | ✗ | ✗ |
| Salesforce | salesforce_oauth2_consumer_key, salesforce_oauth2_consumer_secret | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Salesforce | salesforce_refresh_token | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Samsara | samsara_api_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Samsara | samsara_oauth_access_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Scalr | scalr_api_token | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Segment | segment_public_api_token | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| SendGrid | sendgrid_api_key | ✓ | ✓ | ✓ | ✓ | ✓ | ✗ |
| Sentry | sentry_integration_token | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Sentry | sentry_organization_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Sentry | sentry_personal_token | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Sentry | sentry_user_app_auth_token | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Shippo | shippo_live_api_token | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Shippo | shippo_test_api_token | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Shopee | shopee_open_platform_partner_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Shopify | shopify_access_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Shopify | shopify_app_client_credentials | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Shopify | shopify_app_client_secret | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Shopify | shopify_app_shared_secret | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Shopify | shopify_custom_app_access_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Shopify | shopify_marketplace_token | ✓ | ✓ | ✗ | ✗ | ✗ | ✗ |
| Shopify | shopify_merchant_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Shopify | shopify_partner_api_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Shopify | shopify_private_app_password | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Siemens | siemens_api_token | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Siemens | siemens_code_token | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ |
| Sindri | sindri_api_key Token versions | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Slack | slack_api_token Token versions | ✓ | ✓ | ✓ | ✓ | ✓ | ✗ |
| Slack | slack_incoming_webhook_url | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Slack | slack_workflow_webhook_url | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Snowflake | snowflake_postgres_connection_string | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Snowflake | snowflake_postgres_host, snowflake_postgres_password | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Snowflake | snowflake_programmatic_access_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Sourcegraph | sourcegraph_access_token | ✓ | ✓ | ✗ | ✓ | ✗ | ✗ |
| Sourcegraph | sourcegraph_dotcom_user_gateway | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Sourcegraph | sourcegraph_instance_identifier_access_token | ✓ | ✓ | ✗ | ✓ | ✗ | ✗ |
| Sourcegraph | sourcegraph_license_key_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Sourcegraph | sourcegraph_product_subscription_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Square | square_access_token Token versions | ✗ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Square | square_production_application_secret | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Square | square_sandbox_application_secret | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| SSLMate | sslmate_api_key Token versions | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| SSLMate | sslmate_cluster_secret | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Stripe | stripe_api_key | ✓ | ✓ | ✓ | ✓ | ✓ | ✗ |
| Stripe | stripe_legacy_api_key | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ |
| Stripe | stripe_live_restricted_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Stripe | stripe_test_restricted_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Stripe | stripe_test_secret_key | ✓ | ✓ | ✓ | ✓ | ✓ | ✗ |
| Stripe | stripe_webhook_signing_secret | ✓ | ✓ | ✗ | ✗ | ✗ | ✗ |
| Supabase | supabase_personal_access_token | ✓ | ✓ | ✗ | ✗ | ✗ | ✗ |
| Supabase | supabase_secret_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Supabase | supabase_service_key Token versions | ✓ | ✓ | ✗ | ✗ | ✗ | ✗ |
| Tableau | tableau_personal_access_token | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Tailscale | tailscale_api_key | ✓ | ✓ | ✗ | ✓ | ✓ | ✗ |
| Telegram | telegram_bot_token | ✗ | ✓ | ✗ | ✓ | ✓ | ✗ |
| Telnyx | telnyx_api_v2_key | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Temporal | temporal_cloud_api_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Tencent | tencent_cloud_intl_access_token | ✓ | ✓ | ✗ | ✗ | ✗ | ✗ |
| Tencent | tencent_cloud_secret_id | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Tencent | tencent_wechat_api_app_id | ✓ | ✓ | ✗ | ✗ | ✗ | ✗ |
| Tencent | tencent_wechat_pay_token | ✗ | ✓ | ✗ | ✗ | ✗ | ✗ |
| Thunderstore | thunderstore_io_api_token | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Twilio | twilio_access_token | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Twilio | twilio_account_sid Token versions | ✓ | ✓ | ✓ | ✗ | ✗ | ✓ |
| Twilio | twilio_api_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Typeform | typeform_personal_access_token | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Uniwise | wiseflow_api_key | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Unkey | unkey_root_key | ✓ | ✓ | ✗ | ✓ | ✗ | ✗ |
| Val Town | val_town_api_token | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Vercel | vercel_api_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Vercel | vercel_app_refresh_token | ✓ | ✓ | ✗ | ✗ | ✗ | ✗ |
| Vercel | vercel_app_user_access_token | ✓ | ✓ | ✗ | ✗ | ✗ | ✗ |
| Vercel | vercel_integration_access_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Vercel | vercel_personal_access_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Vercel | vercel_support_access_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| VolcEngine | volcengine_access_key_id | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Wakatime | wakatime_api_key | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Wakatime | wakatime_app_secret | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Wakatime | wakatime_oauth_access_token | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Wakatime | wakatime_oauth_refresh_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Weatherstack | weatherstack_api_key | ✗ | ✓ | ✗ | ✗ | ✗ | ✗ |
| Weights & Biases | wandb_api_key | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Workato | workato_developer_api_token Token versions | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| WorkOS | workos_production_api_key Token versions | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| WorkOS | workos_staging_api_key Token versions | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| WSO2 | wso2_choreo_personal_access_token | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| xAI | xai_api_key | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Yandex | yandex_cloud_api_key | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Yandex | yandex_cloud_iam_access_secret | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Yandex | yandex_cloud_iam_cookie | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Yandex | yandex_cloud_iam_token | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Yandex | yandex_cloud_smartcaptcha_server_key | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Yandex | yandex_dictionary_api_key | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Yandex | yandex_passport_oauth_token | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
| Yandex | yandex_predictor_api_key | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Yandex | yandex_translate_api_key | ✗ | ✓ | ✓ | ✓ | ✗ | ✗ |
| ZenHub | zenhub_personal_api_key | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ |
| Zuplo | zuplo_consumer_api_key | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ |
Versiones de token
Los proveedores de servicios actualizan los patrones usados para generar tokens periódicamente y pueden admitir más de una versión de un token. La protección contra inserción solo admite las versiones de token más recientes que secret scanning puede identificar con confianza. Esto evita la inserción de confirmaciones de bloqueo de protección innecesariamente cuando un resultado puede ser un falso positivo, lo que es más probable que se produzca con tokens heredados.
Secretos de varias partes
De forma predeterminada, secret scanning admite la validación de claves de acceso coincidentes con pares e identificadores de clave.
Secret scanning también admite la validación de identificadores de clave individuales para los identificadores de clave de acceso de Amazon AWS, además de la coincidencia de pares existente.
Un identificador de clave se mostrará como activo si secret scanning confirma que el identificador de clave existe, independientemente de si se encuentra o no una clave de acceso correspondiente. El identificador de clave se mostrará como inactive si no fuera válido (por ejemplo, si no es un identificador de clave real).
Cuando se encuentra un par válido, se vincularán las alertas de secret scanning.
Lectura adicional
-
[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts) -
[AUTOTITLE](/code-security/secret-scanning/secret-scanning-partnership-program/secret-scanning-partner-program) -
[AUTOTITLE](/code-security/getting-started/securing-your-repository) -
[AUTOTITLE](/authentication/keeping-your-account-and-data-secure)