This document lists all secret scanning rules (by id) currently supported in the project, with a short description for each.
| Rule ID | Description |
|---|---|
| 1password-secret-key | Uncovered a possible 1Password secret key, potentially compromising access to secrets in vaults. |
| 1password-service-account-token | Uncovered a possible 1Password service account token, potentially compromising access to secrets in vaults. |
| adafruit-api-key | Identified a potential Adafruit API Key, which could lead to unauthorized access to Adafruit services and sensitive data exposure. |
| adobe-client-id | Detected a pattern that resembles an Adobe OAuth Web Client ID, posing a risk of compromised Adobe integrations and data breaches. |
| adobe-client-secret | Discovered a potential Adobe Client Secret, which, if exposed, could allow unauthorized Adobe service access and data manipulation. |
| age-secret-key | Discovered a potential Age encryption tool secret key, risking data decryption and unauthorized access to sensitive information. |
| airtable-api-key | Uncovered a possible Airtable API Key, potentially compromising database access and leading to data leakage or alteration. |
| algolia-api-key | Identified an Algolia API Key, which could result in unauthorized search operations and data exposure on Algolia-managed platforms. |
| alibaba-access-key-id | Detected an Alibaba Cloud AccessKey ID, posing a risk of unauthorized cloud resource access and potential data compromise. |
| alibaba-secret-key | Discovered a potential Alibaba Cloud Secret Key, potentially allowing unauthorized operations and data access within Alibaba Cloud. |
| asana-client-id | Discovered a potential Asana Client ID, risking unauthorized access to Asana projects and sensitive task information. |
| asana-client-secret | Identified an Asana Client Secret, which could lead to compromised project management integrity and unauthorized access. |
| atlassian-api-token | Detected an Atlassian API token, posing a threat to project management and collaboration tool security and data confidentiality. |
| authress-service-client-access-key | Uncovered a possible Authress Service Client Access Key, which may compromise access control services and sensitive data. |
| aws-access-token | Identified a pattern that may indicate AWS credentials, risking unauthorized cloud resource access and data breaches on AWS platforms. |
| azure-ad-client-secret | Azure AD Client Secret |
| beamer-api-token | Detected a Beamer API token, potentially compromising content management and exposing sensitive notifications and updates. |
| bitbucket-client-id | Discovered a potential Bitbucket Client ID, risking unauthorized repository access and potential codebase exposure. |
| bitbucket-client-secret | Discovered a potential Bitbucket Client Secret, posing a risk of compromised code repositories and unauthorized access. |
| bittrex-access-key | Identified a Bittrex Access Key, which could lead to unauthorized access to cryptocurrency trading accounts and financial loss. |
| bittrex-secret-key | Detected a Bittrex Secret Key, potentially compromising cryptocurrency transactions and financial security. |
| cisco-meraki-api-key | Cisco Meraki is a cloud-managed IT solution that provides networking, security, and device management through an easy-to-use interface. |
| clickhouse-cloud-api-secret-key | Identified a pattern that may indicate clickhouse cloud API secret key, risking unauthorized clickhouse cloud api access and data breaches on ClickHouse Cloud platforms. |
| clojars-api-token | Uncovered a possible Clojars API token, risking unauthorized access to Clojure libraries and potential code manipulation. |
| cloudflare-api-key | Detected a Cloudflare API Key, potentially compromising cloud application deployments and operational security. |
| cloudflare-global-api-key | Detected a Cloudflare Global API Key, potentially compromising cloud application deployments and operational security. |
| cloudflare-origin-ca-key | Detected a Cloudflare Origin CA Key, potentially compromising cloud application deployments and operational security. |
| codecov-access-token | Found a pattern resembling a Codecov Access Token, posing a risk of unauthorized access to code coverage reports and sensitive data. |
| cohere-api-token | Identified a Cohere Token, posing a risk of unauthorized access to AI services and data manipulation. |
| coinbase-access-token | Detected a Coinbase Access Token, posing a risk of unauthorized access to cryptocurrency accounts and financial transactions. |
| confluent-access-token | Identified a Confluent Access Token, which could compromise access to streaming data platforms and sensitive data flow. |
| confluent-secret-key | Found a Confluent Secret Key, potentially risking unauthorized operations and data access within Confluent services. |
| contentful-delivery-api-token | Discovered a Contentful delivery API token, posing a risk to content management systems and data integrity. |
| curl-auth-header | Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource. |
| curl-auth-user | Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource. |
| databricks-api-token | Uncovered a Databricks API token, which may compromise big data analytics platforms and sensitive data processing. |
| datadog-access-token | Detected a Datadog Access Token, potentially risking monitoring and analytics data exposure and manipulation. |
| defined-networking-api-token | Identified a Defined Networking API token, which could lead to unauthorized network operations and data breaches. |
| digitalocean-access-token | Found a DigitalOcean OAuth Access Token, risking unauthorized cloud resource access and data compromise. |
| digitalocean-pat | Discovered a DigitalOcean Personal Access Token, posing a threat to cloud infrastructure security and data privacy. |
| digitalocean-refresh-token | Uncovered a DigitalOcean OAuth Refresh Token, which could allow prolonged unauthorized access and resource manipulation. |
| discord-api-token | Detected a Discord API key, potentially compromising communication channels and user data privacy on Discord. |
| discord-client-id | Identified a Discord client ID, which may lead to unauthorized integrations and data exposure in Discord applications. |
| discord-client-secret | Discovered a potential Discord client secret, risking compromised Discord bot integrations and data leaks. |
| doppler-api-token | Discovered a Doppler API token, posing a risk to environment and secrets management security. |
| droneci-access-token | Detected a Droneci Access Token, potentially compromising continuous integration and deployment workflows. |
| dropbox-api-token | Identified a Dropbox API secret, which could lead to unauthorized file access and data breaches in Dropbox storage. |
| dropbox-long-lived-api-token | Found a Dropbox long-lived API token, risking prolonged unauthorized access to cloud storage and sensitive data. |
| dropbox-short-lived-api-token | Discovered a Dropbox short-lived API token, posing a risk of temporary but potentially harmful data access and manipulation. |
| duffel-api-token | Uncovered a Duffel API token, which may compromise travel platform integrations and sensitive customer data. |
| dynatrace-api-token | Detected a Dynatrace API token, potentially risking application performance monitoring and data exposure. |
| easypost-api-token | Identified an EasyPost API token, which could lead to unauthorized postal and shipment service access and data exposure. |
| easypost-test-api-token | Detected an EasyPost test API token, risking exposure of test environments and potentially sensitive shipment data. |
| etsy-access-token | Found an Etsy Access Token, potentially compromising Etsy shop management and customer data. |
| facebook-access-token | Discovered a Facebook Access Token, posing a risk of unauthorized access to Facebook accounts and personal data exposure. |
| facebook-page-access-token | Discovered a Facebook Page Access Token, posing a risk of unauthorized access to Facebook accounts and personal data exposure. |
| facebook-secret | Discovered a Facebook Application secret, posing a risk of unauthorized access to Facebook accounts and personal data exposure. |
| fastly-api-token | Uncovered a Fastly API key, which may compromise CDN and edge cloud services, leading to content delivery and security issues. |
| finicity-api-token | Detected a Finicity API token, potentially risking financial data access and unauthorized financial operations. |
| finicity-client-secret | Identified a Finicity Client Secret, which could lead to compromised financial service integrations and data breaches. |
| finnhub-access-token | Found a Finnhub Access Token, risking unauthorized access to financial market data and analytics. |
| flickr-access-token | Discovered a Flickr Access Token, posing a risk of unauthorized photo management and potential data leakage. |
| flutterwave-encryption-key | Uncovered a Flutterwave Encryption Key, which may compromise payment processing and sensitive financial information. |
| flutterwave-public-key | Detected a Finicity Public Key, potentially exposing public cryptographic operations and integrations. |
| flutterwave-secret-key | Identified a Flutterwave Secret Key, risking unauthorized financial transactions and data breaches. |
| flyio-access-token | Uncovered a Fly.io API key |
| frameio-api-token | Found a Frame.io API token, potentially compromising video collaboration and project management. |
| freemius-secret-key | Detected a Freemius secret key, potentially exposing sensitive information. |
| freshbooks-access-token | Discovered a Freshbooks Access Token, posing a risk to accounting software access and sensitive financial data exposure. |
| Robility-secret-key | Detected a Robility Secret Key, risking unauthorized access to Robility services |