Release
Secret scanning expands default pattern and push protection support
GitHub regularly updates the default pattern set for secret scanning with new patterns and upgrades of existing patterns, ensuring your repositories have comprehensive detection for different secret types.
The following new patterns were added over the last few months. Secret scanning automatically detects any secrets matching these patterns in your repositories. See the full list of supported secrets in the documentation.
| Provider | Token | Partner | User | Push protection |
|---|---|---|---|---|
| Bitrise | bitrise_personal_access_token | ✓ | ✓ | ✓ |
| Bitrise | bitrise_workspace_api_token | ✓ | ✓ | ✓ |
| Buildkite | buildkite_user_access_token | ✓ | ✓ | |
| linkedin_client_secret | ✓ | |||
| Mailersend | mailersend_smtp_password | ✓ | ||
| Naver Cloud | navercloud_gov_access_key | ✓ | ✓ | |
| Naver Cloud | navercloud_gov_access_key_secret | ✓ | ✓ | |
| Naver Cloud | navercloud_gov_sts | ✓ | ✓ | |
| Naver Cloud | navercloud_gov_sts_secret | ✓ | ✓ | |
| Naver Cloud | navercloud_pub_access_key | ✓ | ✓ | |
| Naver Cloud | navercloud_pub_access_key_secret | ✓ | ✓ | |
| Naver Cloud | navercloud_pub_sts | ✓ | ✓ | |
| Naver Cloud | navercloud_pub_sts_secret | ✓ | ✓ | |
| Neon | neon_api_key | ✓ | ||
| Neon | neon_connection_uri | ✓ | ||
| Pangea | pangea_token | ✓ | ||
| Planning Center | planning_center_oauth_access_token | ✓ | ✓ | ✓ |
| Planning Center | planning_center_oauth_app_secret | ✓ | ✓ | ✓ |
| Planning Center | planning_center_personal_access_token | ✓ | ✓ | ✓ |
| Ramp | ramp_client_id | ✓ | ✓ | |
| Ramp | ramp_client_secret | ✓ | ✓ | |
| Ramp | ramp_oauth_token | ✓ | ✓ | |
| RunPod | runpod_api_key | ✓ | ✓ | ✓ |
| Sourcegraph | sourcegraph_access_token | ✓ | ✓ | |
| Sourcegraph | sourcegraph_dotcom_user_gateway | ✓ | ✓ | |
| Sourcegraph | sourcegraph_instance_identifier_access_token | ✓ | ✓ | |
| Sourcegraph | sourcegraph_license_key_token | ✓ | ✓ | |
| Sourcegraph | sourcegraph_product_subscription_token | ✓ | ✓ |
The following existing patterns were upgraded to be included in push protection. When push protection is enabled, secret scanning automatically blocks any pushes that contain a secret matching these patterns.
| Provider | Token |
|---|---|
| Atlassian | atlassian_jwt |
| Azure | azure_web_pub_sub_connection_string |
| Azure | microsoft_corporate_network_user_credential |
| Azure | azure_app_configuration_connection_string |
| Beamer API Key | beamer_api_key |
| Checkout.com | checkout_test_secret_key |
| Duffel | duffel_test_access_token |
| Dynatrace | dynatrace_internal_token |
| eBay | ebay_sandbox_client_id ebay_sandbox_client_secret |
| Frame.io | frameio_jwt |
| google_oauth_refresh_token | |
| google_oauth_access_token | |
| Lob | lob_test_api_key |
| Mailgun | mailgun_api_key |
| Notion | notion_oauth_client_secret |
| Pulumi | pulumi_access_token |
| RubyGems | rubygems_api_key |
| Sentry | sentry_integration_token |
| Sentry | sentry_org_auth_token |
| Sentry | sentry_user_app_auth_token |
| Sentry | sentry_user_auth_token |
| Shopee | shopee_open_platform_partner_key |
| Shopify | shopify_app_client_credentials |
| Shopify | shopify_custom_app_access_token |
| Shopify | shopify_partner_api_token |
| Shopify | shopify_private_app_password |
| Square | square_access_token |
| Square | square_production_application_secret |
| Square | square_sandbox_application_secret |
| SSLMate | sslmate_api_key |
| SSLMate | sslmate_cluster_secret |
| Stripe | stripe_test_secret_key |
| Tableau | tableau_personal_access_token |
| WorkOS | workos_staging_api_key |
| Yandex | yandex_dictionary_api_key |
| Yandex | yandex_cloud_api_key |
Learn more about securing your repositories with secret scanning.