About secret scanning patterns
There are these types of secret scanning alerts:
- **Secret scanning alerts:** Reported to users on the **Security** tab of the repository when a supported secret is detected in the repository.
- **Push protection alerts:** Reported to users on the **Security** tab of the repository when a contributor bypasses push protection.
For detailed information about each alert type, see About secret scanning alerts.
For detailed information about all supported patterns, see the Supported secrets section below.
If you use the REST API for secret scanning, you can use the Secret type to report on secrets from specific issuers. For more information, see REST API endpoints for secret scanning.
If you believe that secret scanning should have detected a secret committed to your repository, and it has not, you first need to check that GitHub supports your secret. For more information, see the sections below. For more advanced troubleshooting information, see Secret scanning detection scope.
Supported secrets
The tables list the secrets supported by secret scanning for each secret type. Information in the tables may include:
- **Provider:** Name of the token provider.
- **Secret scanning alert:** Token for which leaks are reported to users on GitHub.
  - Applies to private repositories where GitHub Secret Protection and secret scanning are enabled.
  - Includes default tokens, which relate to supported patterns and specified custom patterns, as well as non-provider tokens such as private keys, which often result in false positives.
- **Push protection:** Token for which leaks are reported to users on GitHub. Applies to repositories with secret scanning and push protection enabled.
- **Validity check:** Token for which a validity check is implemented. Currently applies only to GitHub tokens.
- **Metadata check:** Token for which extended metadata is available, providing additional context about the detected secret.
- **Base64:** Token for which Base64-encoded versions are supported.
Non-provider patterns
Precision levels are estimated based on the typical false positive rates of the pattern type.
| Provider | Token | Description | Precision |
|---|---|---|---|
| Generic | http_basic_authentication_header | HTTP basic authentication credentials in request headers | Medium |
| Generic | http_bearer_authentication_header | HTTP bearer tokens used for API authentication | Medium |
| Generic | mongodb_connection_string | Connection strings for MongoDB databases containing credentials | High |
| Generic | mysql_connection_url | Connection strings for MySQL databases containing credentials | High |
| Generic | openssh_private_key | OpenSSH-format private keys used for SSH authentication | High |
| Generic | pgp_private_key | PGP (Pretty Good Privacy) private keys used for encryption and signing | High |
| Generic | postgres_connection_string | Connection strings for PostgreSQL databases containing credentials | High |
| Generic | rsa_private_key | RSA private keys used for cryptographic operations | High |
Note
Validity checks are not supported for non-provider patterns.
Default patterns
| Provider | Token | Secret scanning alert | Push protection | Validity check | Base64 |
|---|---|---|---|---|---|
| Adafruit | adafruit_io_key | ✓ | ✓ | ✗ | ✗ |
| Adobe | adobe_client_secret | ✓ | ✓ | ✗ | ✗ |
| Adobe | adobe_device_token | ✓ | ✓ | ✗ | ✗ |
| Adobe | adobe_pac_token | ✓ | ✓ | ✗ | ✗ |
| Adobe | adobe_refresh_token | ✓ | ✓ | ✗ | ✗ |
| Adobe | adobe_service_token | ✓ | ✓ | ✗ | ✗ |
| Adobe | adobe_short_lived_access_token | ✓ | ✓ | ✗ | ✗ |
| Aiven | aiven_auth_token | ✓ | ✓ | ✗ | ✗ |
| Aiven | aiven_service_password | ✓ | ✓ | ✗ | ✗ |
| Alibaba | alibaba_cloud_access_key_id alibaba_cloud_access_key_secret | ✓ | ✓ | ✗ | ✗ |
| Amazon AWS | aws_access_key_id aws_secret_access_key | ✓ | ✓ | ✗ | ✗ |
| Amazon AWS | aws_secret_access_key aws_session_token aws_temporary_access_key_id | ✓ | ✓ | ✗ | ✗ |
| Anthropic | anthropic_admin_api_key | ✓ | ✓ | ✗ | ✗ |
| Anthropic | anthropic_api_key | ✓ | ✓ | ✗ | ✗ |
| Anthropic | anthropic_session_id | ✓ | ✓ | ✗ | ✗ |
| Asaas | asaas_api_token | ✓ | ✗ | ✗ | ✗ |
| Asana | asana_legacy_format_personal_access_token | ✓ | ✗ | ✗ | ✗ |
| Asana | asana_personal_access_token | ✓ | ✓ | ✗ | ✗ |
| Atlassian | atlassian_api_token Token versions | ✓ | ✓ | ✗ | ✗ |
| Atlassian | atlassian_jwt | ✓ | ✗ | ✗ | ✗ |
| Authress | authress_service_client_access_key | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_active_directory_application_secret Token versions | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_active_directory_user_credential | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_apim_direct_management_key | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_apim_gateway_key | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_apim_repository_key | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_apim_subscription_key | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_app_configuration_connection_string | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_batch_key_identifiable | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_cache_for_redis_access_key | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_communication_services_connection_string | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_container_registry_key_identifiable | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_cosmosdb_key_identifiable | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_devops_personal_access_token | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_event_hub_key_identifiable | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_function_key | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_iot_device_connection_string | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_iot_device_key | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_iot_device_provisioning_key | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_iot_hub_connection_string | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_iot_hub_key | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_iot_provisioning_connection_string | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_management_certificate | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_ml_web_service_classic_identifiable_key | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_openai_key | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_relay_key_identifiable | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_sas_token | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_search_admin_key | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_search_query_key | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_service_bus_identifiable | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_signalr_connection_string | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_sql_connection_string | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_sql_password | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_storage_account_key Token versions | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_web_pub_sub_connection_string | ✓ | ✗ | ✗ | ✗ |
| Azure | microsoft_azure_entra_id_token | ✓ | ✓ | ✗ | ✗ |
| Azure | microsoft_corporate_network_user_credential | ✓ | ✗ | ✗ | ✗ |
| Baidu | baiducloud_api_accesskey | ✓ | ✓ | ✗ | ✗ |
| Beamer | beamer_api_key | ✓ | ✗ | ✗ | ✗ |
| Bitbucket | bitbucket_server_personal_access_token | ✓ | ✓ | ✗ | ✗ |
| Canadian Digital Service | cds_canada_notify_api_key | ✓ | ✓ | ✗ | ✗ |
| Canva | canva_app_secret | ✓ | ✓ | ✗ | ✗ |
| Canva | canva_connect_api_secret | ✓ | ✓ | ✗ | ✗ |
| Canva | canva_secret | ✓ | ✓ | ✗ | ✗ |
| Cashfree | cashfree_api_key | ✓ | ✓ | ✗ | ✗ |
| Cfx.re | cfxre_server_key | ✓ | ✗ | ✗ | ✗ |
| Checkout.com | checkout_production_secret_key Token versions | ✓ | ✓ | ✗ | ✗ |
| Checkout.com | checkout_test_secret_key Token versions | ✓ | ✗ | ✗ | ✗ |
| Chief Tools | chief_tools_token | ✓ | ✓ | ✗ | ✗ |
| CircleCI | circleci_bot_access_token | ✓ | ✓ | ✗ | ✗ |
| CircleCI | circleci_personal_access_token | ✓ | ✓ | ✗ | ✗ |
| CircleCI | circleci_project_access_token | ✓ | ✓ | ✗ | ✗ |
| CircleCI | circleci_release_integration_token | ✓ | ✓ | ✗ | ✗ |
| Clojars | clojars_deploy_token | ✓ | ✓ | ✗ | ✗ |
| CloudBees | codeship_credential | ✗ | ✗ | ✗ | ✗ |
| Cockroach Labs | ccdb_api_key | ✓ | ✗ | ✗ | ✗ |
| Contentful | contentful_personal_access_token | ✓ | ✓ | ✗ | ✗ |
| Contributed Systems | contributed_systems_credentials | ✗ | ✗ | ✗ | ✗ |
| Coveo | coveo_access_token | ✓ | ✗ | ✗ | ✗ |
| Coveo | coveo_api_key | ✓ | ✗ | ✗ | ✗ |
| crates.io | cratesio_api_token | ✓ | ✓ | ✗ | ✗ |
| Databento | databento_api_key | ✓ | ✗ | ✗ | ✗ |
| Databricks | databricks_access_token | ✓ | ✓ | ✗ | ✗ |
| Datadog | datadog_api_key | ✗ | ✗ | ✗ | ✗ |
| Datadog | datadog_app_key | ✗ | ✗ | ✗ | ✗ |
| Datastax | datastax_astracs_token | ✓ | ✓ | ✗ | ✗ |
| Defined Networking | defined_networking_nebula_api_key | ✓ | ✓ | ✗ | ✗ |
| DevCycle | devcycle_client_api_key | ✓ | ✓ | ✗ | ✗ |
| DevCycle | devcycle_mobile_api_key | ✓ | ✓ | ✗ | ✗ |
| DevCycle | devcycle_server_api_key | ✓ | ✓ | ✗ | ✗ |
| DigitalOcean | digitalocean_oauth_token | ✓ | ✓ | ✗ | ✗ |
| DigitalOcean | digitalocean_personal_access_token | ✓ | ✓ | ✗ | ✗ |
| DigitalOcean | digitalocean_refresh_token | ✓ | ✓ | ✗ | ✗ |
| DigitalOcean | digitalocean_system_token | ✓ | ✓ | ✗ | ✗ |
| Discord | discord_bot_token Token versions | ✓ | ✓ | ✗ | ✗ |
| Docker | docker_personal_access_token | ✓ | ✓ | ✗ | ✗ |
| Doppler | doppler_audit_token | ✓ | ✓ | ✗ | ✗ |
| Doppler | doppler_cli_token | ✓ | ✓ | ✗ | ✗ |
| Doppler | doppler_personal_token | ✓ | ✓ | ✗ | ✗ |
| Doppler | doppler_scim_token | ✓ | ✓ | ✗ | ✗ |
| Doppler | doppler_service_account_token | ✓ | ✓ | ✗ | ✗ |
| Doppler | doppler_service_token | ✓ | ✓ | ✗ | ✗ |
| Dropbox | dropbox_access_token | ✓ | ✗ | ✗ | ✗ |
| Dropbox | dropbox_short_lived_access_token | ✓ | ✓ | ✗ | ✗ |
| Duffel | duffel_live_access_token | ✓ | ✓ | ✗ | ✗ |
| Duffel | duffel_test_access_token | ✓ | ✗ | ✗ | ✗ |
| Dynatrace | dynatrace_api_token | ✓ | ✗ | ✗ | ✗ |
| Dynatrace | dynatrace_internal_token | ✓ | ✗ | ✗ | ✗ |
| EasyPost | easypost_production_api_key | ✓ | ✓ | ✗ | ✗ |
| EasyPost | easypost_test_api_key | ✓ | ✗ | ✗ | ✗ |
| eBay | ebay_production_client_id ebay_production_client_secret | ✓ | ✗ | ✗ | ✗ |
| eBay | ebay_sandbox_client_id ebay_sandbox_client_secret | ✓ | ✗ | ✗ | ✗ |
| | facebook_access_token | ✓ | ✗ | ✗ | ✗ |
| Fastly | fastly_api_token Token versions | ✓ | ✗ | ✗ | ✗ |
| Figma | figma_pat | ✓ | ✓ | ✗ | ✗ |
| Finicity | finicity_app_key | ✓ | ✗ | ✗ | ✗ |
| Firebase | firebase_cloud_messaging_server_key | ✓ | ✗ | ✗ | ✗ |
| Flutterwave | flutterwave_live_api_secret_key | ✓ | ✓ | ✗ | ✗ |
| Flutterwave | flutterwave_test_api_secret_key | ✓ | ✗ | ✗ | ✗ |
| Frame.io | frameio_developer_token | ✓ | ✗ | ✗ | ✗ |
| Frame.io | frameio_jwt | ✓ | ✗ | ✗ | ✗ |
| FullStory | fullstory_api_key Token versions | ✓ | ✓ | ✗ | ✗ |
| GitHub | github_app_installation_access_token Token versions | ✓ | ✓ | ✓ | ✗ |
| GitHub | github_oauth_access_token Token versions | ✓ | ✓ | ✓ | ✗ |
| GitHub | github_personal_access_token Token versions | ✓ | ✓ | ✓ | ✗ |
| GitHub | github_refresh_token | ✓ | ✓ | ✓ | ✗ |
| GitHub | github_ssh_private_key | ✓ | ✓ | ✓ | ✗ |
| GitHub | github_test_token | ✓ | ✗ | ✗ | ✗ |
| GitHub Secret Scanning | secret_scanning_sample_token | ✓ | ✓ | ✗ | ✗ |
| GitLab | gitlab_access_token | ✓ | ✓ | ✗ | ✗ |
| GoCardless | gocardless_live_access_token | ✓ | ✗ | ✗ | ✗ |
| GoCardless | gocardless_sandbox_access_token | ✓ | ✗ | ✗ | ✗ |
| | google_api_key | ✓ | ✗ | ✗ | ✗ |
| | google_cloud_service_account_credentials | ✓ | ✓ | ✗ | ✗ |
| | google_cloud_storage_access_key_secret google_cloud_storage_service_account_access_key_id | ✓ | ✓ | ✗ | ✗ |
| | google_cloud_storage_access_key_secret google_cloud_storage_user_access_key_id | ✓ | ✓ | ✗ | ✗ |
| | google_gcp_api_key_bound_service_account | ✓ | ✗ | ✗ | ✗ |
| | google_oauth_access_token | ✓ | ✗ | ✗ | ✗ |
| | google_oauth_client_id google_oauth_client_secret | ✓ | ✓ | ✗ | ✗ |
| | google_oauth_refresh_token | ✓ | ✗ | ✗ | ✗ |
| Grafana | grafana_cloud_api_key | ✓ | ✓ | ✗ | ✗ |
| Grafana | grafana_cloud_api_token | ✓ | ✓ | ✗ | ✗ |
| Grafana | grafana_project_api_key | ✓ | ✓ | ✗ | ✗ |
| Grafana | grafana_project_service_account_token | ✓ | ✓ | ✗ | ✗ |
| HashiCorp | hashicorp_vault_batch_token Token versions | ✓ | ✓ | ✗ | ✗ |
| HashiCorp | hashicorp_vault_root_service_token | ✓ | ✓ | ✗ | ✗ |
| HashiCorp | hashicorp_vault_service_token Token versions | ✓ | ✓ | ✗ | ✗ |
| HashiCorp | terraform_api_token | ✓ | ✓ | ✗ | ✗ |
| Highnote | highnote_rk_live_key | ✓ | ✓ | ✗ | ✗ |
| Highnote | highnote_rk_test_key | ✓ | ✓ | ✗ | ✗ |
| Highnote | highnote_sk_live_key | ✓ | ✓ | ✗ | ✗ |
| Highnote | highnote_sk_test_key | ✓ | ✓ | ✗ | ✗ |
| HOP | hop_bearer | ✓ | ✓ | ✗ | ✗ |
| HOP | hop_pat | ✓ | ✓ | ✗ | ✗ |
| HOP | hop_ptk | ✓ | ✓ | ✗ | ✗ |
| Hubspot | hubspot_api_key Token versions | ✓ | ✓ | ✗ | ✗ |
| Hubspot | hubspot_personal_access_key | ✓ | ✓ | ✗ | ✗ |
| Hubspot | hubspot_private_apps_user_token | ✓ | ✗ | ✗ | ✗ |
| Hubspot | hubspot_smtp_credential Token versions | ✓ | ✗ | ✗ | ✗ |
| Hugging Face | hf_org_api_key | ✓ | ✗ | ✗ | ✗ |
| Hugging Face | hf_user_access_token | ✓ | ✓ | ✗ | ✗ |
| IBM | ibm_cloud_iam_key | ✓ | ✗ | ✗ | ✗ |
| IBM | ibm_softlayer_api_key | ✓ | ✗ | ✗ | ✗ |
| Intercom | intercom_access_token | ✓ | ✓ | ✗ | ✗ |
| Ionic | ionic_personal_access_token Token versions | ✓ | ✓ | ✗ | ✗ |
| Ionic | ionic_refresh_token Token versions | ✓ | ✓ | ✗ | ✗ |
| Iterative | iterative_dvc_studio_access_token | ✗ | ✗ | ✗ | ✗ |
| JFrog | jfrog_platform_access_token | ✓ | ✓ | ✗ | ✗ |
| JFrog | jfrog_platform_api_key | ✓ | ✓ | ✗ | ✗ |
| JFrog | jfrog_platform_reference_token | ✓ | ✓ | ✗ | ✗ |
| LaunchDarkly | launchdarkly_access_token | ✗ | ✗ | ✗ | ✗ |
| Lichess | lichess_oauth_access_token | ✓ | ✗ | ✗ | ✗ |
| Lichess | lichess_personal_access_token | ✓ | ✗ | ✗ | ✗ |
| Lightspeed | lightspeed_xs_pat | ✓ | ✓ | ✗ | ✗ |
| Linear | linear_api_key | ✓ | ✓ | ✗ | ✗ |
| Linear | linear_oauth_access_token | ✓ | ✓ | ✗ | ✗ |
| | linkedin_client_secret | ✓ | ✗ | ✗ | ✗ |
| Lob | lob_live_api_key | ✓ | ✗ | ✗ | ✗ |
| Lob | lob_test_api_key | ✓ | ✗ | ✗ | ✗ |
| Localstack | localstack_api_key | ✓ | ✓ | ✗ | ✗ |
| LogicMonitor | logicmonitor_bearer_token | ✓ | ✓ | ✗ | ✗ |
| LogicMonitor | logicmonitor_lmv1_access_key | ✓ | ✓ | ✗ | ✗ |
| Login with Amazon | amazon_oauth_client_id amazon_oauth_client_secret amazon_oauth_client_secret | ✓ | ✓ | ✗ | ✗ |
| Mailchimp | mailchimp_api_key | ✓ | ✗ | ✗ | ✗ |
| Mailchimp | mandrill_api_key | ✗ | ✗ | ✗ | ✗ |
| Mailersend | mailersend_api_token | ✗ | ✗ | ✗ | ✗ |
| Mailersend | mailersend_smtp_password | ✗ | ✗ | ✗ | ✗ |
| Mailersend | mailersend_smtp_username | ✗ | ✗ | ✗ | ✗ |
| Mailgun | mailgun_api_key Token versions | ✓ | ✗ | ✗ | ✗ |
| Mailgun | mailgun_smtp_credential | ✗ | ✗ | ✗ | ✗ |
| Mapbox | mapbox_secret_access_token | ✓ | ✗ | ✗ | ✗ |
| MaxMind | maxmind_license_key | ✓ | ✓ | ✗ | ✗ |
| Mercury | mercury_non_production_api_token | ✓ | ✓ | ✗ | ✗ |
| Mercury | mercury_production_api_token | ✓ | ✓ | ✗ | ✗ |
| Mergify | mergify_application_key | ✓ | ✓ | ✗ | ✗ |
| MessageBird | messagebird_api_key | ✓ | ✗ | ✗ | ✗ |
| Midtrans | midtrans_production_server_key | ✓ | ✓ | ✗ | ✗ |
| Midtrans | midtrans_sandbox_server_key | ✓ | ✗ | ✗ | ✗ |
| MongoDB | mongodb_atlas_db_uri_with_credentials | ✓ | ✗ | ✗ | ✗ |
| Neon | neon_api_key | ✗ | ✗ | ✗ | ✗ |
| Neon | neon_connection_uri | ✗ | ✗ | ✗ | ✗ |
| Netflix | netflix_netkey | ✓ | ✗ | ✗ | ✗ |
| New Relic | new_relic_insights_query_key | ✓ | ✓ | ✗ | ✗ |
| New Relic | new_relic_license_key | ✓ | ✗ | ✗ | ✗ |
| New Relic | new_relic_personal_api_key | ✓ | ✓ | ✗ | ✗ |
| New Relic | new_relic_rest_api_key | ✓ | ✓ | ✗ | ✗ |
| Notion | notion_integration_token | ✓ | ✗ | ✗ | ✗ |
| Notion | notion_oauth_client_secret | ✓ | ✗ | ✗ | ✗ |
| npm | npm_access_token Token versions | ✓ | ✓ | ✗ | ✗ |
| NuGet | nuget_api_key | ✓ | ✓ | ✗ | ✗ |
| Octopus Deploy | octopus_deploy_api_key | ✓ | ✗ | ✗ | ✗ |
| Oculus | oculus_access_token | ✓ | ✗ | ✗ | ✗ |
| OneChronos | onechronos_api_key | ✓ | ✓ | ✗ | ✗ |
| OneChronos | onechronos_eb_api_key | ✓ | ✓ | ✗ | ✗ |
| OneChronos | onechronos_eb_encryption_key | ✓ | ✓ | ✗ | ✗ |
| OneChronos | onechronos_oauth_token | ✓ | ✓ | ✗ | ✗ |
| OneChronos | onechronos_refresh_token | ✓ | ✓ | ✗ | ✗ |
| Onfido | onfido_live_api_token | ✓ | ✓ | ✗ | ✗ |
| Onfido | onfido_sandbox_api_token | ✓ | ✗ | ✗ | ✗ |
| OpenAI | openai_api_key Token versions | ✓ | ✓ | ✗ | ✗ |
| OpenRouter | openrouter_api_key | ✓ | ✗ | ✗ | ✗ |
| Oracle | oracle_api_key | ✗ | ✗ | ✗ | ✗ |
| Orbit | orbit_api_token | ✓ | ✓ | ✗ | ✗ |
| PagerDuty | pagerduty_oauth_secret | ✓ | ✓ | ✗ | ✗ |
| PagerDuty | pagerduty_oauth_token | ✓ | ✓ | ✗ | ✗ |
| Palantir | palantir_jwt | ✓ | ✓ | ✗ | ✗ |
| Persona Identities | persona_production_api_key | ✓ | ✓ | ✗ | ✗ |
| Persona Identities | persona_sandbox_api_key | ✓ | ✓ | ✗ | ✗ |
| | pinterest_access_token | ✓ | ✓ | ✗ | ✗ |
| | pinterest_refresh_token | ✓ | ✓ | ✗ | ✗ |
| PlanetScale | planetscale_database_password | ✓ | ✓ | ✗ | ✗ |
| PlanetScale | planetscale_oauth_token | ✓ | ✓ | ✗ | ✗ |
| PlanetScale | planetscale_service_token | ✓ | ✓ | ✗ | ✗ |
| Planning Center | planning_center_oauth_access_token | ✓ | ✓ | ✗ | ✗ |
| Planning Center | planning_center_oauth_app_secret | ✓ | ✓ | ✗ | ✗ |
| Planning Center | planning_center_personal_access_token | ✓ | ✓ | ✗ | ✗ |
| Plivo | plivo_auth_id plivo_auth_token | ✓ | ✓ | ✗ | ✗ |
| Polar | polar_access_token | ✓ | ✗ | ✗ | ✗ |
| Polar | polar_authorization_code | ✓ | ✗ | ✗ | ✗ |
| Polar | polar_client_registration_token | ✓ | ✗ | ✗ | ✗ |
| Polar | polar_client_secret | ✓ | ✗ | ✗ | ✗ |
| Polar | polar_personal_access_token | ✓ | ✗ | ✗ | ✗ |
| Polar | polar_refresh_token | ✓ | ✗ | ✗ | ✗ |
| Postman | postman_api_key | ✓ | ✓ | ✗ | ✗ |
| Postman | postman_collection_key | ✓ | ✓ | ✗ | ✗ |
| Prefect | prefect_server_api_key | ✓ | ✓ | ✗ | ✗ |
| Prefect | prefect_user_api_key | ✓ | ✓ | ✗ | ✗ |
| Proctorio | proctorio_consumer_key | ✓ | ✗ | ✗ | ✗ |
| Proctorio | proctorio_linkage_key | ✓ | ✗ | ✗ | ✗ |
| Proctorio | proctorio_registration_key | ✓ | ✗ | ✗ | ✗ |
| Proctorio | proctorio_secret_key Token versions | ✓ | ✓ | ✗ | ✗ |
| Pulumi | pulumi_access_token | ✓ | ✗ | ✗ | ✗ |
| PyPI | pypi_api_token | ✓ | ✓ | ✗ | ✗ |
| Ramp | ramp_client_id | ✓ | ✗ | ✗ | ✗ |
| Ramp | ramp_client_secret | ✓ | ✗ | ✗ | ✗ |
| Ramp | ramp_oauth_token | ✓ | ✗ | ✗ | ✗ |
| ReadMe | readmeio_api_access_token | ✓ | ✓ | ✗ | ✗ |
| redirect.pizza | redirect_pizza_api_token | ✓ | ✓ | ✗ | ✗ |
| Replicate | replicate_api_token | ✓ | ✓ | ✗ | ✗ |
| Rootly | rootly_api_key | ✓ | ✓ | ✗ | ✗ |
| RubyGems | rubygems_api_key | ✓ | ✗ | ✗ | ✗ |
| Samsara | samsara_api_token | ✓ | ✓ | ✗ | ✗ |
| Samsara | samsara_oauth_access_token | ✓ | ✓ | ✗ | ✗ |
| Scalr | scalr_api_token | ✓ | ✓ | ✗ | ✗ |
| Segment | segment_public_api_token | ✓ | ✓ | ✗ | ✗ |
| SendGrid | sendgrid_api_key | ✓ | ✓ | ✗ | ✗ |
| Sendinblue | sendinblue_api_key | ✓ | ✓ | ✗ | ✗ |
| Sendinblue | sendinblue_smtp_key | ✓ | ✓ | ✗ | ✗ |
| Sentry | sentry_integration_token | ✓ | ✗ | ✗ | ✗ |
| Sentry | sentry_org_auth_token | ✓ | ✗ | ✗ | ✗ |
| Sentry | sentry_user_app_auth_token | ✓ | ✗ | ✗ | ✗ |
| Sentry | sentry_user_auth_token | ✓ | ✗ | ✗ | ✗ |
| Shippo | shippo_live_api_token | ✓ | ✓ | ✗ | ✗ |
| Shippo | shippo_test_api_token | ✓ | ✗ | ✗ | ✗ |
| Shopee | shopee_open_platform_partner_key | ✓ | ✗ | ✗ | ✗ |
| Shopify | shopify_access_token | ✓ | ✓ | ✗ | ✗ |
| Shopify | shopify_app_client_credentials | ✓ | ✗ | ✗ | ✗ |
| Shopify | shopify_app_client_secret | ✓ | ✗ | ✗ | ✗ |
| Shopify | shopify_app_shared_secret | ✓ | ✓ | ✗ | ✗ |
| Shopify | shopify_custom_app_access_token | ✓ | ✗ | ✗ | ✗ |
| Shopify | shopify_marketplace_token | ✓ | ✗ | ✗ | ✗ |
| Shopify | shopify_merchant_token | ✓ | ✗ | ✗ | ✗ |
| Shopify | shopify_partner_api_token | ✓ | ✗ | ✗ | ✗ |
| Shopify | shopify_private_app_password | ✓ | ✗ | ✗ | ✗ |
| Siemens | siemens_api_token | ✓ | ✓ | ✗ | ✗ |
| Siemens | siemens_code_token | ✗ | ✗ | ✗ | ✗ |
| Sindri | sindri_api_key Token versions | ✓ | ✗ | ✗ | ✗ |
| Slack | slack_api_token Token versions | ✓ | ✓ | ✗ | ✗ |
| Slack | slack_incoming_webhook_url | ✓ | ✗ | ✗ | ✗ |
| Slack | slack_workflow_webhook_url | ✓ | ✗ | ✗ | ✗ |
| Sourcegraph | sourcegraph_access_token | ✓ | ✗ | ✗ | ✗ |
| Sourcegraph | sourcegraph_dotcom_user_gateway | ✓ | ✗ | ✗ | ✗ |
| Sourcegraph | sourcegraph_instance_identifier_access_token | ✓ | ✗ | ✗ | ✗ |
| Sourcegraph | sourcegraph_license_key_token | ✓ | ✗ | ✗ | ✗ |
| Sourcegraph | sourcegraph_product_subscription_token | ✓ | ✗ | ✗ | ✗ |
| Square | square_access_token Token versions | ✓ | ✗ | ✗ | ✗ |
| Square | square_production_application_secret | ✓ | ✗ | ✗ | ✗ |
| Square | square_sandbox_application_secret | ✓ | ✗ | ✗ | ✗ |
| SSLMate | sslmate_api_key Token versions | ✓ | ✗ | ✗ | ✗ |
| SSLMate | sslmate_cluster_secret | ✓ | ✗ | ✗ | ✗ |
| Stripe | stripe_api_key | ✓ | ✓ | ✗ | ✗ |
| Stripe | stripe_legacy_api_key | ✓ | ✗ | ✗ | ✗ |
| Stripe | stripe_live_restricted_key | ✓ | ✗ | ✗ | ✗ |
| Stripe | stripe_test_restricted_key | ✓ | ✗ | ✗ | ✗ |
| Stripe | stripe_test_secret_key | ✓ | ✗ | ✗ | ✗ |
| Stripe | stripe_webhook_signing_secret | ✓ | ✗ | ✗ | ✗ |
| Supabase | supabase_service_key Token versions | ✓ | ✗ | ✗ | ✗ |
| Tableau | tableau_personal_access_token | ✓ | ✗ | ✗ | ✗ |
| Tailscale | tailscale_api_key | ✓ | ✗ | ✗ | ✗ |
| Telegram | telegram_bot_token | ✓ | ✗ | ✗ | ✗ |
| Telnyx | telnyx_api_v2_key | ✓ | ✓ | ✗ | ✗ |
| Tencent | tencent_cloud_secret_id | ✓ | ✓ | ✗ | ✗ |
| Tencent | tencent_wechat_api_app_id | ✓ | ✗ | ✗ | ✗ |
| Thunderstore | thunderstore_io_api_token | ✓ | ✓ | ✗ | ✗ |
| Twilio | twilio_access_token | ✓ | ✓ | ✗ | ✗ |
| Twilio | twilio_account_sid | ✓ | ✓ | ✗ | ✗ |
| Twilio | twilio_api_key | ✓ | ✓ | ✗ | ✗ |
| Typeform | typeform_personal_access_token | ✓ | ✓ | ✗ | ✗ |
| Uniwise | wiseflow_api_key | ✓ | ✓ | ✗ | ✗ |
| Unkey | unkey_root_key | ✓ | ✗ | ✗ | ✗ |
| VolcEngine | volcengine_access_key_id | ✓ | ✓ | ✗ | ✗ |
| Wakatime | wakatime_api_key | ✓ | ✓ | ✗ | ✗ |
| Wakatime | wakatime_app_secret | ✓ | ✓ | ✗ | ✗ |
| Wakatime | wakatime_oauth_access_token | ✓ | ✓ | ✗ | ✗ |
| Wakatime | wakatime_oauth_refresh_token | ✓ | ✓ | ✗ | ✗ |
| Workato | workato_developer_api_token Token versions | ✓ | ✓ | ✗ | ✗ |
| WorkOS | workos_production_api_key Token versions | ✓ | ✓ | ✗ | ✗ |
| WorkOS | workos_staging_api_key Token versions | ✓ | ✗ | ✗ | ✗ |
| Yandex | yandex_cloud_api_key | ✓ | ✗ | ✗ | ✗ |
| Yandex | yandex_cloud_iam_access_secret | ✓ | ✓ | ✗ | ✗ |
| Yandex | yandex_cloud_iam_cookie | ✓ | ✗ | ✗ | ✗ |
| Yandex | yandex_cloud_iam_token | ✓ | ✗ | ✗ | ✗ |
| Yandex | yandex_cloud_smartcaptcha_server_key | ✓ | ✓ | ✗ | ✗ |
| Yandex | yandex_dictionary_api_key | ✓ | ✗ | ✗ | ✗ |
| Yandex | yandex_passport_oauth_token | ✓ | ✓ | ✗ | ✗ |
| Yandex | yandex_predictor_api_key | ✓ | ✗ | ✗ | ✗ |
| Yandex | yandex_translate_api_key | ✓ | ✗ | ✗ | ✗ |
| Zuplo | zuplo_consumer_api_key | ✓ | ✓ | ✗ | ✗ |
Token versions
Service providers periodically update the patterns used to generate tokens and may support more than one version of a token. Push protection supports only the most recent token versions that secret scanning can identify with confidence. This prevents push protection from blocking commits unnecessarily when a result is a false positive, which is more likely to occur with previous-version tokens.
Further reading
- [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts)
- [AUTOTITLE](/code-security/getting-started/securing-your-repository)
- [AUTOTITLE](/authentication/keeping-your-account-and-data-secure)