Informationen zu secret scanning-Mustern
Es gibt Arten von Warnungen zur Geheimnisüberprüfung:
Warnungen zum Geheimnis-Scanning:** Werden den Benutzern auf der **<svg version="1.1" width="16" height="16" viewBox="0 0 16 16" class="octicon octicon-shield" aria-label="shield" role="img"><path d="M7.467.133a1.748 1.748 0 0 1 1.066 0l5.25 1.68A1.75 1.75 0 0 1 15 3.48V7c0 1.566-.32 3.182-1.303 4.682-.983 1.498-2.585 2.813-5.032 3.855a1.697 1.697 0 0 1-1.33 0c-2.447-1.042-4.049-2.357-5.032-3.855C1.32 10.182 1 8.566 1 7V3.48a1.75 1.75 0 0 1 1.217-1.667Zm.61 1.429a.25.25 0 0 0-.153 0l-5.25 1.68a.25.25 0 0 0-.174.238V7c0 1.358.275 2.666 1.057 3.86.784 1.194 2.121 2.34 4.366 3.297a.196.196 0 0 0 .154 0c2.245-.956 3.582-2.104 4.366-3.298C13.225 9.666 13.5 8.36 13.5 7V3.48a.251.251 0 0 0-.174-.237l-5.25-1.68ZM8.75 4.75v3a.75.75 0 0 1-1.5 0v-3a.75.75 0 0 1 1.5 0ZM9 10.5a1 1 0 1 1-2 0 1 1 0 0 1 2 0Z"></path></svg> Security** Registerkarte des Repositorys gemeldet, wenn ein unterstütztes Geheimnis im Repository erkannt wird.
- Pushschutzwarnungen: Wird benutzern auf der Security Registerkarte des Repositorys gemeldet, wenn ein Mitwirkender den Pushschutz umgeht.
Ausführliche Informationen zu den einzelnen Warnungstypen finden Sie unter Informationen zu Warnungen zur Geheimnisüberprüfung.
Ausführliche Informationen zu allen unterstützten Mustern finden Sie weiter unten im Abschnitt Unterstützte Secrets.
Wenn Sie die REST-API für secret scanning verwenden, können Sie den Secret type verwenden, um Berichte für Secrets von bestimmten Ausstellern zu erstellen. Weitere Informationen finden Sie unter REST-API-Endpunkte für das Secret Scanning.
Wenn du der Meinung bist, dass secret scanning ein Geheimnis erkannt haben sollte, das in dein Repository committet wurde, aber dieses nicht erkannt wurde, musst du zuerst überprüfen, ob GitHub dein Geheimnis unterstützt. Weitere Informationen finden Sie in den folgenden Abschnitten. Weitergehende Informationen zur Problembehandlung finden Sie unter Bereich für die Erkennung von Secret Scanning.
Unterstützte Geheimnisse
In den Tabellen werden die Secrets aufgeführt, die von secret scanning für jeden Secret-Typ unterstützt werden. Informationen in den Tabellen können diese Daten enthalten:
- Anbieter: Name des Tokenanbieters.
- Secret scanning-Warnung: Das Token, für das Benutzern auf GitHub Lecks gemeldet werden.
- Das gilt für private Repositorys, bei denen GitHub Advanced Security und secret scanning aktiviert sind.
- Enthält High-Confidence--Token, die sich auf unterstützte Muster und angegebene benutzerdefinierte Muster beziehen, sowie Nicht-Anbietertoken wie private Schlüssel, die häufig zu falsch positiven Ergebnissen führen
- Pushschutz: Das Token, für das Benutzern auf GitHub Lecks gemeldet werden. Gilt für Repositorys mit secret scanning und aktiviertem Pushschutz.
- Gültigkeitsüberprüfung: Das Token, für das eine Gültigkeitsüberprüfung implementiert wird. Gilt derzeit nur für GitHub-Token.
- Metadatenüberprüfung: Token, für das erweiterte Metadaten verfügbar sind, die zusätzlichen Kontext zum erkannten geheimen Schlüssel bereitstellen.
- Base64: Token, für das Base64-codierte Versionen unterstützt werden.
Nicht-Anbietermuster
Hinweis
Das Erkennen von Nicht-Anbietermustern befindet sich derzeit in der beta. Änderungen sind vorbehalten.
Genauigkeitsstufen werden basierend auf den typischen falsch positiven Raten des Mustertyps geschätzt.
| Provider | Token | Description | Präzision |
|---|---|---|---|
| Allgemein | http_basic_authentication_header | HTTP-Basisauthentifizierungszugangsdaten in Anforderungsheadern | Mittelstufe |
| Allgemein | http_bearer_authentication_header | HTTP Bearertoken, die für die API-Authentifizierung verwendet werden | Mittelstufe |
| Allgemein | mongodb_connection_string | Verbindungszeichenfolgen für MongoDB-Datenbanken mit Anmeldeinformationen | High |
| Allgemein | mysql_connection_url | Verbindungszeichenfolgen für MySQL-Datenbanken mit Anmeldeinformationen | High |
| Allgemein | openssh_private_key | OpenSSH-Format private Schlüssel, die für die SSH-Authentifizierung verwendet werden | High |
| Allgemein | pgp_private_key | Private PGP-Schlüssel (Pretty Good Privacy), die für Verschlüsselung und Signatur verwendet werden | High |
| Allgemein | postgres_connection_string | Verbindungszeichenfolgen für PostgreSQL-Datenbanken mit Anmeldeinformationen | High |
| Allgemein | rsa_private_key | Private RSA-Schlüssel, die für kryptografische Vorgänge verwendet werden | High |
Hinweis
Gültigkeitsprüfungen werden für Nicht-Anbietermuster nicht unterstützt .
Hohe Konfidenz-Muster
| Provider | Token | Secret scanning-Warnung | Pushschutz | Gültigkeitsüberprüfung | Base64 |
|---|---|---|---|---|---|
| Adafruit | adafruit_io_key | ✓ | ✓ | ✗ | ✗ |
| Adobe | adobe_client_secret | ✓ | ✓ | ✗ | ✗ |
| Adobe | adobe_device_token | ✓ | ✓ | ✗ | ✗ |
| Adobe | adobe_pac_token | ✓ | ✓ | ✗ | ✗ |
| Adobe | adobe_refresh_token | ✓ | ✓ | ✗ | ✗ |
| Adobe | adobe_service_token | ✓ | ✓ | ✗ | ✗ |
| Adobe | adobe_short_lived_access_token | ✓ | ✓ | ✗ | ✗ |
| Aiven | aiven_auth_token | ✓ | ✓ | ✗ | ✗ |
| Aiven | aiven_service_password | ✓ | ✓ | ✗ | ✗ |
| Alibaba | alibaba_cloud_access_key_id alibaba_cloud_access_key_secret | ✓ | ✓ | ✗ | ✗ |
| Amazon AWS | aws_access_key_id aws_secret_access_key | ✓ | ✓ | ✗ | ✗ |
| Amazon AWS | aws_secret_access_key aws_session_token aws_temporary_access_key_id | ✓ | ✓ | ✗ | ✗ |
| Anthropic | anthropic_api_key | ✓ | ✓ | ✗ | ✗ |
| Anthropic | anthropic_session_id | ✓ | ✓ | ✗ | ✗ |
| Asana | asana_legacy_format_personal_access_token | ✓ | ✗ | ✗ | ✗ |
| Asana | asana_personal_access_token | ✓ | ✓ | ✗ | ✗ |
| Atlassian | atlassian_api_token | ✓ | ✗ | ✗ | ✗ |
| Atlassian | atlassian_api_token | ✓ | ✓ | ✗ | ✗ |
| Atlassian | atlassian_jwt | ✓ | ✗ | ✗ | ✗ |
| Authress | authress_service_client_access_key | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_active_directory_application_secret | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_active_directory_application_secret | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_active_directory_application_secret | ✗ | ✗ | ✗ | ✗ |
| Azure | azure_active_directory_user_credential | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_apim_direct_management_key | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_apim_gateway_key | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_apim_repository_key | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_apim_subscription_key | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_app_configuration_connection_string | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_batch_key_identifiable | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_cache_for_redis_access_key | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_communication_services_connection_string | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_container_registry_key_identifiable | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_cosmosdb_key_identifiable | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_devops_personal_access_token | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_event_hub_key_identifiable | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_function_key | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_iot_device_connection_string | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_iot_device_key | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_iot_device_provisioning_key | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_iot_hub_connection_string | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_iot_hub_key | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_iot_provisioning_connection_string | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_management_certificate | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_ml_web_service_classic_identifiable_key | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_relay_key_identifiable | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_sas_token | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_search_admin_key | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_search_query_key | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_service_bus_identifiable | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_signalr_connection_string | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_sql_connection_string | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_sql_password | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_storage_account_key | ✓ | ✗ | ✗ | ✗ |
| Azure | azure_storage_account_key | ✓ | ✓ | ✗ | ✗ |
| Azure | azure_web_pub_sub_connection_string | ✓ | ✗ | ✗ | ✗ |
| Azure | microsoft_corporate_network_user_credential | ✓ | ✗ | ✗ | ✗ |
| Baidu | baiducloud_api_accesskey | ✓ | ✓ | ✗ | ✗ |
| Beamer | beamer_api_key | ✓ | ✗ | ✗ | ✗ |
| Bitbucket | bitbucket_server_personal_access_token | ✓ | ✓ | ✗ | ✗ |
| Canadian Digital Service | cds_canada_notify_api_key | ✓ | ✓ | ✗ | ✗ |
| Canva | canva_app_secret | ✓ | ✓ | ✗ | ✗ |
| Canva | canva_connect_api_secret | ✓ | ✓ | ✗ | ✗ |
| Canva | canva_secret | ✓ | ✓ | ✗ | ✗ |
| Cashfree | cashfree_api_key | ✓ | ✓ | ✗ | ✗ |
| Checkout.com | checkout_production_secret_key | ✓ | ✗ | ✗ | ✗ |
| Checkout.com | checkout_production_secret_key | ✓ | ✓ | ✗ | ✗ |
| Checkout.com | checkout_test_secret_key | ✓ | ✗ | ✗ | ✗ |
| Checkout.com | checkout_test_secret_key | ✓ | ✗ | ✗ | ✗ |
| Chief Tools | chief_tools_token | ✓ | ✓ | ✗ | ✗ |
| CircleCI | circleci_bot_access_token | ✓ | ✓ | ✗ | ✗ |
| CircleCI | circleci_personal_access_token | ✓ | ✓ | ✗ | ✗ |
| CircleCI | circleci_project_access_token | ✓ | ✓ | ✗ | ✗ |
| CircleCI | circleci_release_integration_token | ✓ | ✓ | ✗ | ✗ |
| Clojars | clojars_deploy_token | ✓ | ✓ | ✗ | ✗ |
| CloudBees | codeship_credential | ✗ | ✗ | ✗ | ✗ |
| Contentful | contentful_personal_access_token | ✓ | ✗ | ✗ | ✗ |
| Contributed Systems | contributed_systems_credentials | ✗ | ✗ | ✗ | ✗ |
| crates.io | cratesio_api_token | ✓ | ✓ | ✗ | ✗ |
| Databricks | databricks_access_token | ✓ | ✓ | ✗ | ✗ |
| Datadog | datadog_api_key | ✗ | ✗ | ✗ | ✗ |
| Datadog | datadog_app_key | ✗ | ✗ | ✗ | ✗ |
| Defined Networking | defined_networking_nebula_api_key | ✓ | ✓ | ✗ | ✗ |
| DevCycle | devcycle_client_api_key | ✓ | ✓ | ✗ | ✗ |
| DevCycle | devcycle_mobile_api_key | ✓ | ✓ | ✗ | ✗ |
| DevCycle | devcycle_server_api_key | ✓ | ✓ | ✗ | ✗ |
| DigitalOcean | digitalocean_oauth_token | ✓ | ✓ | ✗ | ✗ |
| DigitalOcean | digitalocean_personal_access_token | ✓ | ✓ | ✗ | ✗ |
| DigitalOcean | digitalocean_refresh_token | ✓ | ✓ | ✗ | ✗ |
| DigitalOcean | digitalocean_system_token | ✓ | ✓ | ✗ | ✗ |
| Discord | discord_bot_token | ✓ | ✓ | ✗ | ✗ |
| Discord | discord_bot_token | ✓ | ✓ | ✗ | ✗ |
| Docker | docker_personal_access_token | ✓ | ✓ | ✗ | ✗ |
| Doppler | doppler_audit_token | ✓ | ✓ | ✗ | ✗ |
| Doppler | doppler_cli_token | ✓ | ✓ | ✗ | ✗ |
| Doppler | doppler_personal_token | ✓ | ✓ | ✗ | ✗ |
| Doppler | doppler_scim_token | ✓ | ✓ | ✗ | ✗ |
| Doppler | doppler_service_account_token | ✓ | ✓ | ✗ | ✗ |
| Doppler | doppler_service_token | ✓ | ✓ | ✗ | ✗ |
| Dropbox | dropbox_access_token | ✓ | ✗ | ✗ | ✗ |
| Dropbox | dropbox_short_lived_access_token | ✓ | ✓ | ✗ | ✗ |
| Duffel | duffel_live_access_token | ✓ | ✓ | ✗ | ✗ |
| Duffel | duffel_test_access_token | ✓ | ✗ | ✗ | ✗ |
| Dynatrace | dynatrace_api_token | ✓ | ✗ | ✗ | ✗ |
| Dynatrace | dynatrace_internal_token | ✓ | ✗ | ✗ | ✗ |
| EasyPost | easypost_production_api_key | ✓ | ✓ | ✗ | ✗ |
| EasyPost | easypost_test_api_key | ✓ | ✗ | ✗ | ✗ |
| eBay | ebay_production_client_id ebay_production_client_secret | ✓ | ✗ | ✗ | ✗ |
| eBay | ebay_sandbox_client_id ebay_sandbox_client_secret | ✓ | ✗ | ✗ | ✗ |
| facebook_access_token | ✓ | ✗ | ✗ | ✗ | |
| Fastly | fastly_api_token | ✓ | ✗ | ✗ | ✗ |
| Fastly | fastly_api_token | ✓ | ✗ | ✗ | ✗ |
| Figma | figma_pat | ✓ | ✓ | ✗ | ✗ |
| Finicity | finicity_app_key | ✓ | ✗ | ✗ | ✗ |
| Firebase | firebase_cloud_messaging_server_key | ✓ | ✗ | ✗ | ✗ |
| Flutterwave | flutterwave_live_api_secret_key | ✓ | ✓ | ✗ | ✗ |
| Flutterwave | flutterwave_test_api_secret_key | ✓ | ✗ | ✗ | ✗ |
| Frame.io | frameio_developer_token | ✓ | ✗ | ✗ | ✗ |
| Frame.io | frameio_jwt | ✓ | ✗ | ✗ | ✗ |
| FullStory | fullstory_api_key | ✓ | ✓ | ✗ | ✗ |
| FullStory | fullstory_api_key | ✓ | ✗ | ✗ | ✗ |
| GitHub | github_app_installation_access_token | ✓ | ✓ | ✓ | ✗ |
| GitHub | github_app_installation_access_token | ✓ | ✓ | ✓ | ✗ |
| GitHub | github_oauth_access_token | ✓ | ✓ | ✓ | ✗ |
| GitHub | github_oauth_access_token | ✓ | ✓ | ✓ | ✗ |
| GitHub | github_personal_access_token | ✓ | ✗ | ✓ | ✗ |
| GitHub | github_personal_access_token | ✓ | ✓ | ✓ | ✗ |
| GitHub | github_personal_access_token | ✓ | ✓ | ✓ | ✗ |
| GitHub | github_refresh_token | ✓ | ✓ | ✓ | ✗ |
| GitHub | github_ssh_private_key | ✓ | ✓ | ✓ | ✗ |
| GitHub | github_test_token | ✓ | ✗ | ✗ | ✗ |
| GitHub Secret Scanning | secret_scanning_sample_token | ✓ | ✓ | ✗ | ✗ |
| GitLab | gitlab_access_token | ✓ | ✗ | ✗ | ✗ |
| GoCardless | gocardless_live_access_token | ✓ | ✗ | ✗ | ✗ |
| GoCardless | gocardless_sandbox_access_token | ✓ | ✗ | ✗ | ✗ |
| google_api_key | ✓ | ✗ | ✗ | ✗ | |
| google_cloud_private_key_id | ✗ | ✗ | ✗ | ✗ | |
| google_cloud_service_account_credentials | ✓ | ✓ | ✗ | ✗ | |
| google_cloud_storage_access_key_secret google_cloud_storage_service_account_access_key_id | ✓ | ✓ | ✗ | ✗ | |
| google_cloud_storage_access_key_secret google_cloud_storage_user_access_key_id | ✓ | ✓ | ✗ | ✗ | |
| google_oauth_access_token | ✓ | ✗ | ✗ | ✗ | |
| google_oauth_client_id google_oauth_client_secret | ✓ | ✓ | ✗ | ✗ | |
| google_oauth_refresh_token | ✓ | ✗ | ✗ | ✗ | |
| Grafana | grafana_cloud_api_key | ✓ | ✓ | ✗ | ✗ |
| Grafana | grafana_cloud_api_token | ✓ | ✓ | ✗ | ✗ |
| Grafana | grafana_project_api_key | ✓ | ✓ | ✗ | ✗ |
| Grafana | grafana_project_service_account_token | ✓ | ✓ | ✗ | ✗ |
| HashiCorp | hashicorp_vault_batch_token | ✓ | ✗ | ✗ | ✗ |
| HashiCorp | hashicorp_vault_batch_token | ✓ | ✓ | ✗ | ✗ |
| HashiCorp | hashicorp_vault_root_service_token | ✓ | ✓ | ✗ | ✗ |
| HashiCorp | hashicorp_vault_service_token | ✓ | ✓ | ✗ | ✗ |
| HashiCorp | hashicorp_vault_service_token | ✓ | ✗ | ✗ | ✗ |
| HashiCorp | terraform_api_token | ✓ | ✓ | ✗ | ✗ |
| Highnote | highnote_rk_live_key | ✓ | ✓ | ✗ | ✗ |
| Highnote | highnote_rk_test_key | ✓ | ✓ | ✗ | ✗ |
| Highnote | highnote_sk_live_key | ✓ | ✓ | ✗ | ✗ |
| Highnote | highnote_sk_test_key | ✓ | ✓ | ✗ | ✗ |
| HOP | hop_bearer | ✓ | ✓ | ✗ | ✗ |
| HOP | hop_pat | ✓ | ✓ | ✗ | ✗ |
| HOP | hop_ptk | ✓ | ✓ | ✗ | ✗ |
| Hubspot | hubspot_api_key | ✗ | ✗ | ✗ | ✗ |
| Hubspot | hubspot_api_key | ✓ | ✗ | ✗ | ✗ |
| Hubspot | hubspot_api_key | ✓ | ✓ | ✗ | ✗ |
| Hubspot | hubspot_personal_access_key | ✓ | ✓ | ✗ | ✗ |
| Hubspot | hubspot_smtp_credential | ✗ | ✗ | ✗ | ✗ |
| IBM | ibm_cloud_iam_key | ✓ | ✗ | ✗ | ✗ |
| IBM | ibm_softlayer_api_key | ✓ | ✗ | ✗ | ✗ |
| Intercom | intercom_access_token | ✓ | ✓ | ✗ | ✗ |
| Ionic | ionic_personal_access_token | ✓ | ✗ | ✗ | ✗ |
| Ionic | ionic_personal_access_token | ✓ | ✓ | ✗ | ✗ |
| Ionic | ionic_refresh_token | ✓ | ✓ | ✗ | ✗ |
| Ionic | ionic_refresh_token | ✓ | ✗ | ✗ | ✗ |
| JFrog | jfrog_platform_access_token | ✓ | ✓ | ✗ | ✗ |
| JFrog | jfrog_platform_api_key | ✓ | ✓ | ✗ | ✗ |
| JFrog | jfrog_platform_reference_token | ✓ | ✓ | ✗ | ✗ |
| Lightspeed | lightspeed_xs_pat | ✓ | ✓ | ✗ | ✗ |
| Linear | linear_api_key | ✓ | ✓ | ✗ | ✗ |
| Linear | linear_oauth_access_token | ✓ | ✓ | ✗ | ✗ |
| Lob | lob_live_api_key | ✓ | ✗ | ✗ | ✗ |
| Lob | lob_test_api_key | ✓ | ✗ | ✗ | ✗ |
| Localstack | localstack_api_key | ✓ | ✓ | ✗ | ✗ |
| LogicMonitor | logicmonitor_bearer_token | ✓ | ✓ | ✗ | ✗ |
| LogicMonitor | logicmonitor_lmv1_access_key | ✓ | ✓ | ✗ | ✗ |
| Login with Amazon | amazon_oauth_client_id amazon_oauth_client_secret amazon_oauth_client_secret | ✓ | ✓ | ✗ | ✗ |
| Mailchimp | mailchimp_api_key | ✓ | ✗ | ✗ | ✗ |
| Mailchimp | mandrill_api_key | ✗ | ✗ | ✗ | ✗ |
| Mailgun | mailgun_api_key | ✓ | ✗ | ✗ | ✗ |
| Mailgun | mailgun_api_key | ✓ | ✗ | ✗ | ✗ |
| Mailgun | mailgun_smtp_credential | ✗ | ✗ | ✗ | ✗ |
| Mapbox | mapbox_secret_access_token | ✓ | ✗ | ✗ | ✗ |
| MaxMind | maxmind_license_key | ✓ | ✓ | ✗ | ✗ |
| Mercury | mercury_non_production_api_token | ✓ | ✓ | ✗ | ✗ |
| Mercury | mercury_production_api_token | ✓ | ✓ | ✗ | ✗ |
| Mergify | mergify_application_key | ✓ | ✓ | ✗ | ✗ |
| MessageBird | messagebird_api_key | ✓ | ✗ | ✗ | ✗ |
| Midtrans | midtrans_production_server_key | ✓ | ✓ | ✗ | ✗ |
| Midtrans | midtrans_sandbox_server_key | ✓ | ✗ | ✗ | ✗ |
| New Relic | new_relic_insights_query_key | ✓ | ✓ | ✗ | ✗ |
| New Relic | new_relic_license_key | ✓ | ✗ | ✗ | ✗ |
| New Relic | new_relic_personal_api_key | ✓ | ✓ | ✗ | ✗ |
| New Relic | new_relic_rest_api_key | ✓ | ✓ | ✗ | ✗ |
| Notion | notion_integration_token | ✓ | ✗ | ✗ | ✗ |
| Notion | notion_oauth_client_secret | ✓ | ✗ | ✗ | ✗ |
| npm | npm_access_token | ✓ | ✓ | ✗ | ✗ |
| npm | npm_access_token | ✓ | ✗ | ✗ | ✗ |
| npm | npm_access_token | ✗ | ✗ | ✗ | ✗ |
| NuGet | nuget_api_key | ✓ | ✓ | ✗ | ✗ |
| Octopus Deploy | octopus_deploy_api_key | ✓ | ✗ | ✗ | ✗ |
| Oculus | oculus_access_token | ✓ | ✗ | ✗ | ✗ |
| OneChronos | onechronos_api_key | ✓ | ✓ | ✗ | ✗ |
| OneChronos | onechronos_eb_api_key | ✓ | ✓ | ✗ | ✗ |
| OneChronos | onechronos_eb_encryption_key | ✓ | ✓ | ✗ | ✗ |
| OneChronos | onechronos_oauth_token | ✓ | ✓ | ✗ | ✗ |
| OneChronos | onechronos_refresh_token | ✓ | ✓ | ✗ | ✗ |
| Onfido | onfido_live_api_token | ✓ | ✓ | ✗ | ✗ |
| Onfido | onfido_sandbox_api_token | ✓ | ✗ | ✗ | ✗ |
| OpenAI | openai_api_key | ✓ | ✓ | ✗ | ✗ |
| OpenAI | openai_api_key | ✓ | ✗ | ✗ | ✗ |
| Orbit | orbit_api_token | ✓ | ✗ | ✗ | ✗ |
| PagerDuty | pagerduty_oauth_secret | ✓ | ✓ | ✗ | ✗ |
| PagerDuty | pagerduty_oauth_token | ✓ | ✓ | ✗ | ✗ |
| Palantir | palantir_jwt | ✓ | ✓ | ✗ | ✗ |
| Persona Identities | persona_production_api_key | ✓ | ✓ | ✗ | ✗ |
| Persona Identities | persona_sandbox_api_key | ✓ | ✓ | ✗ | ✗ |
| pinterest_access_token | ✓ | ✓ | ✗ | ✗ | |
| pinterest_refresh_token | ✓ | ✓ | ✗ | ✗ | |
| PlanetScale | planetscale_database_password | ✓ | ✓ | ✗ | ✗ |
| PlanetScale | planetscale_oauth_token | ✓ | ✓ | ✗ | ✗ |
| PlanetScale | planetscale_service_token | ✓ | ✓ | ✗ | ✗ |
| Plivo | plivo_auth_id plivo_auth_token | ✓ | ✓ | ✗ | ✗ |
| Postman | postman_api_key | ✓ | ✓ | ✗ | ✗ |
| Postman | postman_collection_key | ✓ | ✓ | ✗ | ✗ |
| Prefect | prefect_server_api_key | ✓ | ✓ | ✗ | ✗ |
| Prefect | prefect_user_api_key | ✓ | ✓ | ✗ | ✗ |
| Proctorio | proctorio_consumer_key | ✓ | ✗ | ✗ | ✗ |
| Proctorio | proctorio_linkage_key | ✓ | ✗ | ✗ | ✗ |
| Proctorio | proctorio_registration_key | ✓ | ✗ | ✗ | ✗ |
| Proctorio | proctorio_secret_key | ✓ | ✓ | ✗ | ✗ |
| Proctorio | proctorio_secret_key | ✓ | ✗ | ✗ | ✗ |
| Pulumi | pulumi_access_token | ✓ | ✗ | ✗ | ✗ |
| PyPI | pypi_api_token | ✓ | ✗ | ✗ | ✗ |
| ReadMe | readmeio_api_access_token | ✓ | ✓ | ✗ | ✗ |
| redirect.pizza | redirect_pizza_api_token | ✓ | ✓ | ✗ | ✗ |
| Replicate | replicate_api_token | ✗ | ✗ | ✗ | ✗ |
| Rootly | rootly_api_key | ✓ | ✓ | ✗ | ✗ |
| RubyGems | rubygems_api_key | ✓ | ✗ | ✗ | ✗ |
| Samsara | samsara_api_token | ✓ | ✓ | ✗ | ✗ |
| Samsara | samsara_oauth_access_token | ✓ | ✓ | ✗ | ✗ |
| Segment | segment_public_api_token | ✓ | ✓ | ✗ | ✗ |
| SendGrid | sendgrid_api_key | ✓ | ✓ | ✗ | ✗ |
| Sendinblue | sendinblue_api_key | ✓ | ✓ | ✗ | ✗ |
| Sendinblue | sendinblue_smtp_key | ✓ | ✓ | ✗ | ✗ |
| Shippo | shippo_live_api_token | ✓ | ✓ | ✗ | ✗ |
| Shippo | shippo_test_api_token | ✓ | ✗ | ✗ | ✗ |
| Shopify | shopify_access_token | ✓ | ✓ | ✗ | ✗ |
| Shopify | shopify_app_client_credentials | ✓ | ✗ | ✗ | ✗ |
| Shopify | shopify_app_client_secret | ✓ | ✗ | ✗ | ✗ |
| Shopify | shopify_app_shared_secret | ✓ | ✓ | ✗ | ✗ |
| Shopify | shopify_custom_app_access_token | ✓ | ✗ | ✗ | ✗ |
| Shopify | shopify_marketplace_token | ✓ | ✗ | ✗ | ✗ |
| Shopify | shopify_merchant_token | ✓ | ✗ | ✗ | ✗ |
| Shopify | shopify_partner_api_token | ✓ | ✗ | ✗ | ✗ |
| Shopify | shopify_private_app_password | ✓ | ✗ | ✗ | ✗ |
| Slack | slack_api_token | ✓ | ✓ | ✗ | ✗ |
| Slack | slack_api_token | ✓ | ✗ | ✗ | ✗ |
| Slack | slack_api_token | ✓ | ✓ | ✗ | ✗ |
| Slack | slack_incoming_webhook_url | ✓ | ✗ | ✗ | ✗ |
| Slack | slack_workflow_webhook_url | ✓ | ✗ | ✗ | ✗ |
| Square | square_access_token | ✓ | ✗ | ✗ | ✗ |
| Square | square_access_token | ✓ | ✗ | ✗ | ✗ |
| Square | square_access_token | ✓ | ✗ | ✗ | ✗ |
| Square | square_production_application_secret | ✓ | ✗ | ✗ | ✗ |
| Square | square_sandbox_application_secret | ✓ | ✗ | ✗ | ✗ |
| SSLMate | sslmate_api_key | ✓ | ✗ | ✗ | ✗ |
| SSLMate | sslmate_api_key | ✓ | ✗ | ✗ | ✗ |
| SSLMate | sslmate_cluster_secret | ✓ | ✗ | ✗ | ✗ |
| Stripe | stripe_api_key | ✓ | ✓ | ✗ | ✗ |
| Stripe | stripe_legacy_api_key | ✓ | ✗ | ✗ | ✗ |
| Stripe | stripe_live_restricted_key | ✓ | ✗ | ✗ | ✗ |
| Stripe | stripe_test_restricted_key | ✓ | ✗ | ✗ | ✗ |
| Stripe | stripe_test_secret_key | ✓ | ✗ | ✗ | ✗ |
| Stripe | stripe_webhook_signing_secret | ✓ | ✗ | ✗ | ✗ |
| Supabase | supabase_service_key | ✓ | ✗ | ✗ | ✗ |
| Supabase | supabase_service_key | ✓ | ✗ | ✗ | ✗ |
| Tableau | tableau_personal_access_token | ✓ | ✗ | ✗ | ✗ |
| Telegram | telegram_bot_token | ✓ | ✗ | ✗ | ✗ |
| Telnyx | telnyx_api_v2_key | ✓ | ✓ | ✗ | ✗ |
| Tencent | tencent_cloud_secret_id | ✓ | ✓ | ✗ | ✗ |
| Tencent | tencent_wechat_api_app_id | ✓ | ✗ | ✗ | ✗ |
| Twilio | twilio_access_token | ✓ | ✓ | ✗ | ✗ |
| Twilio | twilio_account_sid | ✓ | ✓ | ✗ | ✗ |
| Twilio | twilio_api_key | ✓ | ✓ | ✗ | ✗ |
| Typeform | typeform_personal_access_token | ✓ | ✓ | ✗ | ✗ |
| Uniwise | wiseflow_api_key | ✓ | ✓ | ✗ | ✗ |
| Unkey | unkey_root_key | ✓ | ✗ | ✗ | ✗ |
| VolcEngine | volcengine_access_key_id | ✓ | ✓ | ✗ | ✗ |
| Wakatime | wakatime_api_key | ✓ | ✓ | ✗ | ✗ |
| Wakatime | wakatime_app_secret | ✓ | ✓ | ✗ | ✗ |
| Wakatime | wakatime_oauth_access_token | ✓ | ✓ | ✗ | ✗ |
| Wakatime | wakatime_oauth_refresh_token | ✓ | ✓ | ✗ | ✗ |
| Workato | workato_developer_api_token | ✓ | ✓ | ✗ | ✗ |
| Workato | workato_developer_api_token | ✓ | ✓ | ✗ | ✗ |
| Workato | workato_developer_api_token | ✓ | ✓ | ✗ | ✗ |
| Workato | workato_developer_api_token | ✓ | ✓ | ✗ | ✗ |
| WorkOS | workos_production_api_key | ✓ | ✓ | ✗ | ✗ |
| WorkOS | workos_production_api_key | ✗ | ✗ | ✗ | ✗ |
| WorkOS | workos_staging_api_key | ✓ | ✗ | ✗ | ✗ |
| WorkOS | workos_staging_api_key | ✗ | ✗ | ✗ | ✗ |
| Yandex | yandex_cloud_api_key | ✓ | ✗ | ✗ | ✗ |
| Yandex | yandex_cloud_iam_access_secret | ✓ | ✗ | ✗ | ✗ |
| Yandex | yandex_cloud_iam_cookie | ✓ | ✗ | ✗ | ✗ |
| Yandex | yandex_cloud_iam_token | ✓ | ✗ | ✗ | ✗ |
| Yandex | yandex_cloud_smartcaptcha_server_key | ✓ | ✓ | ✗ | ✗ |
| Yandex | yandex_dictionary_api_key | ✓ | ✗ | ✗ | ✗ |
| Yandex | yandex_passport_oauth_token | ✓ | ✓ | ✗ | ✗ |
| Yandex | yandex_predictor_api_key | ✓ | ✗ | ✗ | ✗ |
| Yandex | yandex_translate_api_key | ✓ | ✗ | ✗ | ✗ |
| Zuplo | zuplo_consumer_api_key | ✓ | ✓ | ✗ | ✗ |
Tokenversionen
Serviceanbieter aktualisieren regelmäßig die zum Generieren von Tokens verwendeten Muster und unterstützen gegebenenfalls mehrere Versionen eines Tokens. Der Pushschutz unterstützt nur die neuesten Tokenversionen, die secret scanning mit Sicherheit identifizieren kann. Dadurch wird verhindert, dass der Pushschutz Commits im Fall eines falsch positiven Ergebnisses unnötig blockiert, was bei Token der Vorversion mit größerer Wahrscheinlichkeit vorkommt.