Acerca de los patrones de secret scanning
Para obtener información detallada sobre cada tipo de alerta, consulte Acerca de las alertas de examen de secretos.
Para obtener más información sobre todos los patrones admitidos, consulte la sección Secretos admitidos a continuación.
Si usa la API REST para el secret scanning, puede usar Secret type para informar sobre secretos de emisores específicos. Para más información, consulta Puntos de conexión de la API REST para el examen de secretos.
Si cree que secret scanning debería haber detectado un secreto confirmado en el repositorio y no lo ha hecho, primero debe comprobar que GitHub admite el secreto. Para obtener más información, consulte las secciones siguientes. Para obtener más información sobre la solución avanzada de problemas, consulte Ámbito de detección de escaneo de secretos.
Secretos admitidos
En las tablas se enumeran los secretos admitidos por secret scanning para cada tipo de secreto. La información de las tablas puede incluir estos datos:
-
**Proveedor:** nombre del proveedor de tokens. -
**Alerta de Secret scanning:** token para el que se notifican fugas a los usuarios en GitHub.- Se aplica a los repositorios privados en los que GitHub Secret Protection y secret scanning están habilitados.
- Incluye tokens predeterminados, que se relacionan con patrones admitidos y patrones personalizados especificados, así como tokens que no son de proveedor, como claves privadas, que suelen tener una relación mayor de falsos positivos.
-
**Protección contra inserción:** token para el que se notifican fugas a los usuarios en GitHub. Se a los repositorios con secret scanning y protección de inserción habilitada. -
**Comprobación de validez:** token para el que se implementa una comprobación de validez. Actualmente solo se aplica a los tokens de GitHub. -
**Comprobación de metadatos:** Token para el que están disponibles los metadatos extendidos, lo que proporciona contexto adicional sobre el secreto detectado. -
**Base64:** Token para el que se admiten las versiones codificadas en Base64.
Patrones que no son de proveedor
Los niveles de precisión se calculan en función de las tasas típicas de falsos positivos del tipo de patrón.
| Provider | Token | Description | Precisión |
|---|---|---|---|
| Genérico | http_basic_authentication_header | Credenciales de autenticación básica HTTP en encabezados de solicitud | Media |
| Genérico | http_bearer_authentication_header | Tokens de portador HTTP usados para la autenticación de API | Media |
| Genérico | mongodb_connection_string | Cadenas de conexión para bases de datos de MongoDB que contienen credenciales | High |
| Genérico | mysql_connection_url | Cadenas de conexión para bases de datos MySQL que contienen credenciales | High |
| Genérico | openssh_private_key | Claves privadas de formato OpenSSH usadas para la autenticación SSH | High |
| Genérico | pgp_private_key | Claves privadas de PGP (bastante buena privacidad) usadas para el cifrado y la firma | High |
| Genérico | postgres_connection_string | Cadenas de conexión para bases de datos postgreSQL que contienen credenciales | High |
| Genérico | rsa_private_key | Claves privadas RSA usadas para operaciones criptográficas | High |
Nota:
**No se admiten** comprobaciones de validez para patrones que no son de proveedor.
Patrones predeterminados
| Provider | Token | Secret scanning alert | Protección contra el envío de cambios | Comprobación de validez | Base64 |
|---|---|---|---|---|---|
| Adafruit | adafruit_io_key | ✓ | ✓ | ✗ | ✗ |
| Adobe | adobe_client_secret | ✓ | ✓ | ✗ | ✗ |
| Adobe | adobe_device_token | ✓ | ✓ | ✗ | ✗ |
| Adobe | adobe_pac_token | ✓ | ✓ | ✗ | ✗ |
| Adobe | adobe_refresh_token | ✓ | ✓ | ✗ | ✗ |
| Adobe | adobe_service_token | ✓ | ✓ | ✗ | ✗ |
| Adobe | adobe_short_lived_access_token | ✓ | ✓ | ✗ | ✗ |
| Aiven | aiven_auth_token | ✓ | ✓ | ✗ | ✗ |
| Aiven | aiven_service_password | ✓ | ✓ | ✗ | ✗ |
| Alibaba | alibaba_cloud_access_key_id alibaba_cloud_access_key_secret | ✓ | ✓ | ✗ | ✗ |
| Amazon AWS | aws_access_key_id aws_secret_access_key | ✓ | ✓ | ✗ | ✗ |
| Amazon AWS | aws_secret_access_key aws_session_token aws_temporary_access_key_id | ✓ | ✓ | ✗ | ✗ |
| Anthropic | anthropic_admin_api_key | ✓ | ✓ | ✗ | ✗ |
| Anthropic | anthropic_api_key | ✓ | ✓ | ✗ | ✗ |
| Anthropic | anthropic_session_id | ✓ | ✓ | ✗ | ✗ |
| Asaas | asaas_api_token | ✓ | ✗ | ✗ | ✗ |
| Asana | asana_legacy_format_personal_access_token | ✓ | ✗ | ✗ | ✗ |
| Asana | asana_personal_access_token | ✓ | ✓ | ✗ | ✗ |
| Atlassian | atlassian_api_token Token versions | ✓ | ✓ | ✗ | ✗ |
| Atlassian | atlassian_jwt | ✓ | ✗ | ✗ | ✗ |
| Authress | authress_service_client_access_key | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_active_directory_application_secret Token versions | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_active_directory_user_credential | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_apim_direct_management_key | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_apim_gateway_key | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_apim_repository_key | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_apim_subscription_key | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_app_configuration_connection_string | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_batch_key_identifiable | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_cache_for_redis_access_key | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_communication_services_connection_string | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_container_registry_key_identifiable | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_cosmosdb_key_identifiable | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_devops_personal_access_token | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_event_hub_key_identifiable | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_function_key | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_iot_device_connection_string | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_iot_device_key | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_iot_device_provisioning_key | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_iot_hub_connection_string | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_iot_hub_key | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_iot_provisioning_connection_string | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_management_certificate | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_ml_web_service_classic_identifiable_key | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_openai_key | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_relay_key_identifiable | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_sas_token | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_search_admin_key | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_search_query_key | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_service_bus_identifiable | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_signalr_connection_string | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_sql_connection_string | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_sql_password | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_storage_account_key Token versions | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_web_pub_sub_connection_string | ✓ | ✗ | ✗ | ✗ |
| Azure | microsoft_azure_entra_id_token | ✓ | ✓ | ✗ | ✗ |
| Azure | microsoft_corporate_network_user_credential | ✓ | ✗ | ✗ | ✗ |
| Baidu | baiducloud_api_accesskey | ✓ | ✓ | ✗ | ✗ |
| Beamer | beamer_api_key | ✓ | ✗ | ✗ | ✗ |
| Bitbucket | bitbucket_server_personal_access_token | ✓ | ✓ | ✗ | ✗ |
| Canadian Digital Service | cds_canada_notify_api_key | ✓ | ✓ | ✗ | ✗ |
| Canva | canva_app_secret | ✓ | ✓ | ✗ | ✗ |
| Canva | canva_connect_api_secret | ✓ | ✓ | ✗ | ✗ |
| Canva | canva_secret | ✓ | ✓ | ✗ | ✗ |
| Cashfree | cashfree_api_key | ✓ | ✓ | ✗ | ✗ |
| Cfx.re | cfxre_server_key | ✓ | ✗ | ✗ | ✗ |
| Checkout.com | checkout_production_secret_key Token versions | ✓ | ✓ | ✗ | ✗ |
| Checkout.com | checkout_test_secret_key Token versions | ✓ | ✗ | ✗ | ✗ |
| Chief Tools | chief_tools_token | ✓ | ✓ | ✗ | ✗ |
| CircleCI | circleci_bot_access_token | ✓ | ✓ | ✗ | ✗ |
| CircleCI | circleci_personal_access_token | ✓ | ✓ | ✗ | ✗ |
| CircleCI | circleci_project_access_token | ✓ | ✓ | ✗ | ✗ |
| CircleCI | circleci_release_integration_token | ✓ | ✓ | ✗ | ✗ |
| Clojars | clojars_deploy_token | ✓ | ✓ | ✗ | ✗ |
| CloudBees | codeship_credential | ✗ | ✗ | ✗ | ✗ |
| Cockroach Labs | ccdb_api_key | ✓ | ✗ | ✗ | ✗ |
| Contentful | contentful_personal_access_token | ✓ | ✓ | ✗ | ✗ |
| Contributed Systems | contributed_systems_credentials | ✗ | ✗ | ✗ | ✗ |
| Coveo | coveo_access_token | ✓ | ✗ | ✗ | ✗ |
| Coveo | coveo_api_key | ✓ | ✗ | ✗ | ✗ |
| crates.io | cratesio_api_token | ✓ | ✓ | ✗ | ✗ |
| Databento | databento_api_key | ✓ | ✗ | ✗ | ✗ |
| Databricks | databricks_access_token | ✓ | ✓ | ✗ | ✗ |
| Datadog | datadog_api_key | ✗ | ✗ | ✗ | ✗ |
| Datadog | datadog_app_key | ✗ | ✗ | ✗ | ✗ |
| Datastax | datastax_astracs_token | ✓ | ✓ | ✗ | ✗ |
| Defined Networking | defined_networking_nebula_api_key | ✓ | ✓ | ✗ | ✗ |
| DevCycle | devcycle_client_api_key | ✓ | ✓ | ✗ | ✗ |
| DevCycle | devcycle_mobile_api_key | ✓ | ✓ | ✗ | ✗ |
| DevCycle | devcycle_server_api_key | ✓ | ✓ | ✗ | ✗ |
| DigitalOcean | digitalocean_oauth_token | ✓ | ✓ | ✗ | ✗ |
| DigitalOcean | digitalocean_personal_access_token | ✓ | ✓ | ✗ | ✗ |
| DigitalOcean | digitalocean_refresh_token | ✓ | ✓ | ✗ | ✗ |
| DigitalOcean | digitalocean_system_token | ✓ | ✓ | ✗ | ✗ |
| Discord | discord_bot_token Token versions | ✓ | ✓ | ✗ | ✗ |
| Docker | docker_personal_access_token | ✓ | ✓ | ✗ | ✗ |
| Doppler | doppler_audit_token | ✓ | ✓ | ✗ | ✗ |
| Doppler | doppler_cli_token | ✓ | ✓ | ✗ | ✗ |
| Doppler | doppler_personal_token | ✓ | ✓ | ✗ | ✗ |
| Doppler | doppler_scim_token | ✓ | ✓ | ✗ | ✗ |
| Doppler | doppler_service_account_token | ✓ | ✓ | ✗ | ✗ |
| Doppler | doppler_service_token | ✓ | ✓ | ✗ | ✗ |
| Dropbox | dropbox_access_token | ✓ | ✗ | ✗ | ✗ |
| Dropbox | dropbox_short_lived_access_token | ✓ | ✓ | ✗ | ✗ |
| Duffel | duffel_live_access_token | ✓ | ✓ | ✗ | ✗ |
| Duffel | duffel_test_access_token | ✓ | ✗ | ✗ | ✗ |
| Dynatrace | dynatrace_api_token | ✓ | ✗ | ✗ | ✗ |
| Dynatrace | dynatrace_internal_token | ✓ | ✗ | ✗ | ✗ |
| EasyPost | easypost_production_api_key | ✓ | ✓ | ✗ | ✗ |
| EasyPost | easypost_test_api_key | ✓ | ✗ | ✗ | ✗ |
| eBay | ebay_production_client_id ebay_production_client_secret | ✓ | ✗ | ✗ | ✗ |
| eBay | ebay_sandbox_client_id ebay_sandbox_client_secret | ✓ | ✗ | ✗ | ✗ |
| facebook_access_token | ✓ | ✗ | ✗ | ✗ | |
| Fastly | fastly_api_token Token versions | ✓ | ✗ | ✗ | ✗ |
| Figma | figma_pat | ✓ | ✓ | ✗ | ✗ |
| Finicity | finicity_app_key | ✓ | ✗ | ✗ | ✗ |
| Firebase | firebase_cloud_messaging_server_key | ✓ | ✗ | ✗ | ✗ |
| Flutterwave | flutterwave_live_api_secret_key | ✓ | ✓ | ✗ | ✗ |
| Flutterwave | flutterwave_test_api_secret_key | ✓ | ✗ | ✗ | ✗ |
| Frame.io | frameio_developer_token | ✓ | ✗ | ✗ | ✗ |
| Frame.io | frameio_jwt | ✓ | ✗ | ✗ | ✗ |
| FullStory | fullstory_api_key Token versions | ✓ | ✓ | ✗ | ✗ |
| GitHub | github_app_installation_access_token Token versions | ✓ | ✓ | ✓ | ✗ |
| GitHub | github_oauth_access_token Token versions | ✓ | ✓ | ✓ | ✗ |
| GitHub | github_personal_access_token Token versions | ✓ | ✓ | ✓ | ✗ |
| GitHub | github_refresh_token | ✓ | ✓ | ✓ | ✗ |
| GitHub | github_ssh_private_key | ✓ | ✓ | ✓ | ✗ |
| GitHub | github_test_token | ✓ | ✗ | ✗ | ✗ |
| GitHub Secret Scanning | secret_scanning_sample_token | ✓ | ✓ | ✗ | ✗ |
| GitLab | gitlab_access_token | ✓ | ✓ | ✗ | ✗ |
| GoCardless | gocardless_live_access_token | ✓ | ✗ | ✗ | ✗ |
| GoCardless | gocardless_sandbox_access_token | ✓ | ✗ | ✗ | ✗ |
| google_api_key | ✓ | ✗ | ✗ | ✗ | |
| google_cloud_service_account_credentials | ✓ | ✓ | ✗ | ✗ | |
| google_cloud_storage_access_key_secret google_cloud_storage_service_account_access_key_id | ✓ | ✓ | ✗ | ✗ | |
| google_cloud_storage_access_key_secret google_cloud_storage_user_access_key_id | ✓ | ✓ | ✗ | ✗ | |
| google_gcp_api_key_bound_service_account | ✓ | ✗ | ✗ | ✗ | |
| google_oauth_access_token | ✓ | ✗ | ✗ | ✗ | |
| google_oauth_client_id google_oauth_client_secret | ✓ | ✓ | ✗ | ✗ | |
| google_oauth_refresh_token | ✓ | ✗ | ✗ | ✗ | |
| Grafana | grafana_cloud_api_key | ✓ | ✓ | ✗ | ✗ |
| Grafana | grafana_cloud_api_token | ✓ | ✓ | ✗ | ✗ |
| Grafana | grafana_project_api_key | ✓ | ✓ | ✗ | ✗ |
| Grafana | grafana_project_service_account_token | ✓ | ✓ | ✗ | ✗ |
| HashiCorp | hashicorp_vault_batch_token Token versions | ✓ | ✓ | ✗ | ✗ |
| HashiCorp | hashicorp_vault_root_service_token | ✓ | ✓ | ✗ | ✗ |
| HashiCorp | hashicorp_vault_service_token Token versions | ✓ | ✓ | ✗ | ✗ |
| HashiCorp | terraform_api_token | ✓ | ✓ | ✗ | ✗ |
| Highnote | highnote_rk_live_key | ✓ | ✓ | ✗ | ✗ |
| Highnote | highnote_rk_test_key | ✓ | ✓ | ✗ | ✗ |
| Highnote | highnote_sk_live_key | ✓ | ✓ | ✗ | ✗ |
| Highnote | highnote_sk_test_key | ✓ | ✓ | ✗ | ✗ |
| HOP | hop_bearer | ✓ | ✓ | ✗ | ✗ |
| HOP | hop_pat | ✓ | ✓ | ✗ | ✗ |
| HOP | hop_ptk | ✓ | ✓ | ✗ | ✗ |
| Hubspot | hubspot_api_key Token versions | ✓ | ✓ | ✗ | ✗ |
| Hubspot | hubspot_personal_access_key | ✓ | ✓ | ✗ | ✗ |
| Hubspot | hubspot_private_apps_user_token | ✓ | ✗ | ✗ | ✗ |
| Hubspot | hubspot_smtp_credential Token versions | ✓ | ✗ | ✗ | ✗ |
| Hugging Face | hf_org_api_key | ✓ | ✗ | ✗ | ✗ |
| Hugging Face | hf_user_access_token | ✓ | ✓ | ✗ | ✗ |
| IBM | ibm_cloud_iam_key | ✓ | ✗ | ✗ | ✗ |
| IBM | ibm_softlayer_api_key | ✓ | ✗ | ✗ | ✗ |
| Intercom | intercom_access_token | ✓ | ✓ | ✗ | ✗ |
| Ionic | ionic_personal_access_token Token versions | ✓ | ✓ | ✗ | ✗ |
| Ionic | ionic_refresh_token Token versions | ✓ | ✓ | ✗ | ✗ |
| Iterative | iterative_dvc_studio_access_token | ✗ | ✗ | ✗ | ✗ |
| JFrog | jfrog_platform_access_token | ✓ | ✓ | ✗ | ✗ |
| JFrog | jfrog_platform_api_key | ✓ | ✓ | ✗ | ✗ |
| JFrog | jfrog_platform_reference_token | ✓ | ✓ | ✗ | ✗ |
| LaunchDarkly | launchdarkly_access_token | ✗ | ✗ | ✗ | ✗ |
| Lichess | lichess_oauth_access_token | ✓ | ✗ | ✗ | ✗ |
| Lichess | lichess_personal_access_token | ✓ | ✗ | ✗ | ✗ |
| Lightspeed | lightspeed_xs_pat | ✓ | ✓ | ✗ | ✗ |
| Linear | linear_api_key | ✓ | ✓ | ✗ | ✗ |
| Linear | linear_oauth_access_token | ✓ | ✓ | ✗ | ✗ |
| linkedin_client_secret | ✓ | ✗ | ✗ | ✗ | |
| Lob | lob_live_api_key | ✓ | ✗ | ✗ | ✗ |
| Lob | lob_test_api_key | ✓ | ✗ | ✗ | ✗ |
| Localstack | localstack_api_key | ✓ | ✓ | ✗ | ✗ |
| LogicMonitor | logicmonitor_bearer_token | ✓ | ✓ | ✗ | ✗ |
| LogicMonitor | logicmonitor_lmv1_access_key | ✓ | ✓ | ✗ | ✗ |
| Login with Amazon | amazon_oauth_client_id amazon_oauth_client_secret amazon_oauth_client_secret | ✓ | ✓ | ✗ | ✗ |
| Mailchimp | mailchimp_api_key | ✓ | ✗ | ✗ | ✗ |
| Mailchimp | mandrill_api_key | ✗ | ✗ | ✗ | ✗ |
| Mailersend | mailersend_api_token | ✗ | ✗ | ✗ | ✗ |
| Mailersend | mailersend_smtp_password | ✗ | ✗ | ✗ | ✗ |
| Mailersend | mailersend_smtp_username | ✗ | ✗ | ✗ | ✗ |
| Mailgun | mailgun_api_key Token versions | ✓ | ✗ | ✗ | ✗ |
| Mailgun | mailgun_smtp_credential | ✗ | ✗ | ✗ | ✗ |
| Mapbox | mapbox_secret_access_token | ✓ | ✗ | ✗ | ✗ |
| MaxMind | maxmind_license_key | ✓ | ✓ | ✗ | ✗ |
| Mercury | mercury_non_production_api_token | ✓ | ✓ | ✗ | ✗ |
| Mercury | mercury_production_api_token | ✓ | ✓ | ✗ | ✗ |
| Mergify | mergify_application_key | ✓ | ✓ | ✗ | ✗ |
| MessageBird | messagebird_api_key | ✓ | ✗ | ✗ | ✗ |
| Midtrans | midtrans_production_server_key | ✓ | ✓ | ✗ | ✗ |
| Midtrans | midtrans_sandbox_server_key | ✓ | ✗ | ✗ | ✗ |
| MongoDB | mongodb_atlas_db_uri_with_credentials | ✓ | ✗ | ✗ | ✗ |
| Neon | neon_api_key | ✗ | ✗ | ✗ | ✗ |
| Neon | neon_connection_uri | ✗ | ✗ | ✗ | ✗ |
| Netflix | netflix_netkey | ✓ | ✗ | ✗ | ✗ |
| New Relic | new_relic_insights_query_key | ✓ | ✓ | ✗ | ✗ |
| New Relic | new_relic_license_key | ✓ | ✗ | ✗ | ✗ |
| New Relic | new_relic_personal_api_key | ✓ | ✓ | ✗ | ✗ |
| New Relic | new_relic_rest_api_key | ✓ | ✓ | ✗ | ✗ |
| Notion | notion_integration_token | ✓ | ✗ | ✗ | ✗ |
| Notion | notion_oauth_client_secret | ✓ | ✗ | ✗ | ✗ |
| npm | npm_access_token Token versions | ✓ | ✓ | ✗ | ✗ |
| NuGet | nuget_api_key | ✓ | ✓ | ✗ | ✗ |
| Octopus Deploy | octopus_deploy_api_key | ✓ | ✗ | ✗ | ✗ |
| Oculus | oculus_access_token | ✓ | ✗ | ✗ | ✗ |
| OneChronos | onechronos_api_key | ✓ | ✓ | ✗ | ✗ |
| OneChronos | onechronos_eb_api_key | ✓ | ✓ | ✗ | ✗ |
| OneChronos | onechronos_eb_encryption_key | ✓ | ✓ | ✗ | ✗ |
| OneChronos | onechronos_oauth_token | ✓ | ✓ | ✗ | ✗ |
| OneChronos | onechronos_refresh_token | ✓ | ✓ | ✗ | ✗ |
| Onfido | onfido_live_api_token | ✓ | ✓ | ✗ | ✗ |
| Onfido | onfido_sandbox_api_token | ✓ | ✗ | ✗ | ✗ |
| OpenAI | openai_api_key Token versions | ✓ | ✓ | ✗ | ✗ |
| OpenRouter | openrouter_api_key | ✓ | ✗ | ✗ | ✗ |
| Oracle | oracle_api_key | ✗ | ✗ | ✗ | ✗ |
| Orbit | orbit_api_token | ✓ | ✓ | ✗ | ✗ |
| PagerDuty | pagerduty_oauth_secret | ✓ | ✓ | ✗ | ✗ |
| PagerDuty | pagerduty_oauth_token | ✓ | ✓ | ✗ | ✗ |
| Palantir | palantir_jwt | ✓ | ✓ | ✗ | ✗ |
| Persona Identities | persona_production_api_key | ✓ | ✓ | ✗ | ✗ |
| Persona Identities | persona_sandbox_api_key | ✓ | ✓ | ✗ | ✗ |
| pinterest_access_token | ✓ | ✓ | ✗ | ✗ | |
| pinterest_refresh_token | ✓ | ✓ | ✗ | ✗ | |
| PlanetScale | planetscale_database_password | ✓ | ✓ | ✗ | ✗ |
| PlanetScale | planetscale_oauth_token | ✓ | ✓ | ✗ | ✗ |
| PlanetScale | planetscale_service_token | ✓ | ✓ | ✗ | ✗ |
| Planning Center | planning_center_oauth_access_token | ✓ | ✓ | ✗ | ✗ |
| Planning Center | planning_center_oauth_app_secret | ✓ | ✓ | ✗ | ✗ |
| Planning Center | planning_center_personal_access_token | ✓ | ✓ | ✗ | ✗ |
| Plivo | plivo_auth_id plivo_auth_token | ✓ | ✓ | ✗ | ✗ |
| Polar | polar_access_token | ✓ | ✗ | ✗ | ✗ |
| Polar | polar_authorization_code | ✓ | ✗ | ✗ | ✗ |
| Polar | polar_client_registration_token | ✓ | ✗ | ✗ | ✗ |
| Polar | polar_client_secret | ✓ | ✗ | ✗ | ✗ |
| Polar | polar_personal_access_token | ✓ | ✗ | ✗ | ✗ |
| Polar | polar_refresh_token | ✓ | ✗ | ✗ | ✗ |
| Postman | postman_api_key | ✓ | ✓ | ✗ | ✗ |
| Postman | postman_collection_key | ✓ | ✓ | ✗ | ✗ |
| Prefect | prefect_server_api_key | ✓ | ✓ | ✗ | ✗ |
| Prefect | prefect_user_api_key | ✓ | ✓ | ✗ | ✗ |
| Proctorio | proctorio_consumer_key | ✓ | ✗ | ✗ | ✗ |
| Proctorio | proctorio_linkage_key | ✓ | ✗ | ✗ | ✗ |
| Proctorio | proctorio_registration_key | ✓ | ✗ | ✗ | ✗ |
| Proctorio | proctorio_secret_key Token versions | ✓ | ✓ | ✗ | ✗ |
| Pulumi | pulumi_access_token | ✓ | ✗ | ✗ | ✗ |
| PyPI | pypi_api_token | ✓ | ✓ | ✗ | ✗ |
| Ramp | ramp_client_id | ✓ | ✗ | ✗ | ✗ |
| Ramp | ramp_client_secret | ✓ | ✗ | ✗ | ✗ |
| Ramp | ramp_oauth_token | ✓ | ✗ | ✗ | ✗ |
| ReadMe | readmeio_api_access_token | ✓ | ✓ | ✗ | ✗ |
| redirect.pizza | redirect_pizza_api_token | ✓ | ✓ | ✗ | ✗ |
| Replicate | replicate_api_token | ✓ | ✓ | ✗ | ✗ |
| Rootly | rootly_api_key | ✓ | ✓ | ✗ | ✗ |
| RubyGems | rubygems_api_key | ✓ | ✗ | ✗ | ✗ |
| Samsara | samsara_api_token | ✓ | ✓ | ✗ | ✗ |
| Samsara | samsara_oauth_access_token | ✓ | ✓ | ✗ | ✗ |
| Scalr | scalr_api_token | ✓ | ✓ | ✗ | ✗ |
| Segment | segment_public_api_token | ✓ | ✓ | ✗ | ✗ |
| SendGrid | sendgrid_api_key | ✓ | ✓ | ✗ | ✗ |
| Sendinblue | sendinblue_api_key | ✓ | ✓ | ✗ | ✗ |
| Sendinblue | sendinblue_smtp_key | ✓ | ✓ | ✗ | ✗ |
| Sentry | sentry_integration_token | ✓ | ✗ | ✗ | ✗ |
| Sentry | sentry_org_auth_token | ✓ | ✗ | ✗ | ✗ |
| Sentry | sentry_user_app_auth_token | ✓ | ✗ | ✗ | ✗ |
| Sentry | sentry_user_auth_token | ✓ | ✗ | ✗ | ✗ |
| Shippo | shippo_live_api_token | ✓ | ✓ | ✗ | ✗ |
| Shippo | shippo_test_api_token | ✓ | ✗ | ✗ | ✗ |
| Shopee | shopee_open_platform_partner_key | ✓ | ✗ | ✗ | ✗ |
| Shopify | shopify_access_token | ✓ | ✓ | ✗ | ✗ |
| Shopify | shopify_app_client_credentials | ✓ | ✗ | ✗ | ✗ |
| Shopify | shopify_app_client_secret | ✓ | ✗ | ✗ | ✗ |
| Shopify | shopify_app_shared_secret | ✓ | ✓ | ✗ | ✗ |
| Shopify | shopify_custom_app_access_token | ✓ | ✗ | ✗ | ✗ |
| Shopify | shopify_marketplace_token | ✓ | ✗ | ✗ | ✗ |
| Shopify | shopify_merchant_token | ✓ | ✗ | ✗ | ✗ |
| Shopify | shopify_partner_api_token | ✓ | ✗ | ✗ | ✗ |
| Shopify | shopify_private_app_password | ✓ | ✗ | ✗ | ✗ |
| Siemens | siemens_api_token | ✓ | ✓ | ✗ | ✗ |
| Siemens | siemens_code_token | ✗ | ✗ | ✗ | ✗ |
| Sindri | sindri_api_key Token versions | ✓ | ✗ | ✗ | ✗ |
| Slack | slack_api_token Token versions | ✓ | ✓ | ✗ | ✗ |
| Slack | slack_incoming_webhook_url | ✓ | ✗ | ✗ | ✗ |
| Slack | slack_workflow_webhook_url | ✓ | ✗ | ✗ | ✗ |
| Sourcegraph | sourcegraph_access_token | ✓ | ✗ | ✗ | ✗ |
| Sourcegraph | sourcegraph_dotcom_user_gateway | ✓ | ✗ | ✗ | ✗ |
| Sourcegraph | sourcegraph_instance_identifier_access_token | ✓ | ✗ | ✗ | ✗ |
| Sourcegraph | sourcegraph_license_key_token | ✓ | ✗ | ✗ | ✗ |
| Sourcegraph | sourcegraph_product_subscription_token | ✓ | ✗ | ✗ | ✗ |
| Square | square_access_token Token versions | ✓ | ✗ | ✗ | ✗ |
| Square | square_production_application_secret | ✓ | ✗ | ✗ | ✗ |
| Square | square_sandbox_application_secret | ✓ | ✗ | ✗ | ✗ |
| SSLMate | sslmate_api_key Token versions | ✓ | ✗ | ✗ | ✗ |
| SSLMate | sslmate_cluster_secret | ✓ | ✗ | ✗ | ✗ |
| Stripe | stripe_api_key | ✓ | ✓ | ✗ | ✗ |
| Stripe | stripe_legacy_api_key | ✓ | ✗ | ✗ | ✗ |
| Stripe | stripe_live_restricted_key | ✓ | ✗ | ✗ | ✗ |
| Stripe | stripe_test_restricted_key | ✓ | ✗ | ✗ | ✗ |
| Stripe | stripe_test_secret_key | ✓ | ✗ | ✗ | ✗ |
| Stripe | stripe_webhook_signing_secret | ✓ | ✗ | ✗ | ✗ |
| Supabase | supabase_service_key Token versions | ✓ | ✗ | ✗ | ✗ |
| Tableau | tableau_personal_access_token | ✓ | ✗ | ✗ | ✗ |
| Tailscale | tailscale_api_key | ✓ | ✗ | ✗ | ✗ |
| Telegram | telegram_bot_token | ✓ | ✗ | ✗ | ✗ |
| Telnyx | telnyx_api_v2_key | ✓ | ✓ | ✗ | ✗ |
| Tencent | tencent_cloud_secret_id | ✓ | ✓ | ✗ | ✗ |
| Tencent | tencent_wechat_api_app_id | ✓ | ✗ | ✗ | ✗ |
| Thunderstore | thunderstore_io_api_token | ✓ | ✓ | ✗ | ✗ |
| Twilio | twilio_access_token | ✓ | ✓ | ✗ | ✗ |
| Twilio | twilio_account_sid | ✓ | ✓ | ✗ | ✗ |
| Twilio | twilio_api_key | ✓ | ✓ | ✗ | ✗ |
| Typeform | typeform_personal_access_token | ✓ | ✓ | ✗ | ✗ |
| Uniwise | wiseflow_api_key | ✓ | ✓ | ✗ | ✗ |
| Unkey | unkey_root_key | ✓ | ✗ | ✗ | ✗ |
| VolcEngine | volcengine_access_key_id | ✓ | ✓ | ✗ | ✗ |
| Wakatime | wakatime_api_key | ✓ | ✓ | ✗ | ✗ |
| Wakatime | wakatime_app_secret | ✓ | ✓ | ✗ | ✗ |
| Wakatime | wakatime_oauth_access_token | ✓ | ✓ | ✗ | ✗ |
| Wakatime | wakatime_oauth_refresh_token | ✓ | ✓ | ✗ | ✗ |
| Workato | workato_developer_api_token Token versions | ✓ | ✓ | ✗ | ✗ |
| WorkOS | workos_production_api_key Token versions | ✓ | ✓ | ✗ | ✗ |
| WorkOS | workos_staging_api_key Token versions | ✓ | ✗ | ✗ | ✗ |
| Yandex | yandex_cloud_api_key | ✓ | ✗ | ✗ | ✗ |
| Yandex | yandex_cloud_iam_access_secret | ✓ | ✓ | ✗ | ✗ |
| Yandex | yandex_cloud_iam_cookie | ✓ | ✗ | ✗ | ✗ |
| Yandex | yandex_cloud_iam_token | ✓ | ✗ | ✗ | ✗ |
| Yandex | yandex_cloud_smartcaptcha_server_key | ✓ | ✓ | ✗ | ✗ |
| Yandex | yandex_dictionary_api_key | ✓ | ✗ | ✗ | ✗ |
| Yandex | yandex_passport_oauth_token | ✓ | ✓ | ✗ | ✗ |
| Yandex | yandex_predictor_api_key | ✓ | ✗ | ✗ | ✗ |
| Yandex | yandex_translate_api_key | ✓ | ✗ | ✗ | ✗ |
| Zuplo | zuplo_consumer_api_key | ✓ | ✓ | ✗ | ✗ |
Versiones de token
Los proveedores de servicios actualizan los patrones usados para generar tokens periódicamente y pueden admitir más de una versión de un token. La protección contra inserción solo admite las versiones de token más recientes que secret scanning puede identificar con confianza. Esto evita la inserción de confirmaciones de bloqueo de protección innecesariamente cuando un resultado puede ser un falso positivo, lo que es más probable que se produzca con tokens heredados.
Secretos de varias partes
De forma predeterminada, secret scanning admite la validación de claves de acceso coincidentes con pares e identificadores de clave.
Secret scanning también admite la validación de identificadores de clave individuales para los identificadores de clave de acceso de Amazon AWS, además de la coincidencia de pares existente.
Un identificador de clave se mostrará como activo si secret scanning confirma que el identificador de clave existe, independientemente de si se encuentra o no una clave de acceso correspondiente. El identificador de clave se mostrará como inactive si no fuera válido (por ejemplo, si no es un identificador de clave real).
Cuando se encuentra un par válido, se vincularán las alertas de secret scanning.
Lectura adicional
-
[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts) -
[AUTOTITLE](/code-security/getting-started/securing-your-repository) -
[AUTOTITLE](/authentication/keeping-your-account-and-data-secure)