Custom Secret Scanning Patterns repository.
- Common Passwords Shortlist
- 
Hardcoded Database Passwords 
- 
Hardcoded Spring SQL passwords 
- 
Django Secret Key 
- 
GitHub Actions SHA Checker 
- 
.NET Configuration file 
- 
.NET MachineKey 
- 
Database Connection String (full string) 
- 
Database Connection String (1) 
- 
Database Connection String (2) 
- 
Database Connection String (3) 
- 
TSQL CREATE LOGIN/USER 
- 
SQLAlchemy Database Connection String 
- 
MongoDB connection string 
- 
JDBC Database Connection String 
- 
Generic Passwords (fewer FPs) 
- 
Generic Password with hex encoded secrets 
- 
Generic Password with Base64 encoded secrets 
- 
Generic Password with URI-safe Base64 encoded secrets 
- 
UUIDs 
- 
Bearer Tokens 
- 
OAuth client secret and ID pair 
- JWT
- Arc
- 
Credit Cards 
- 
Credit Cards - Visa 
- 
Credit Cards - MasterCard 
- 
Credit Cards - American Express 
- 
Credit Cards - Discover 
- 
IBAN 
- 
Norwegian national identity number/D number 
- 
Generic RSA keys 
- 
SSH Private Keys 
- 
GPG Private Key 
- 
Hardcoded Internal Emails 
- 
Hardcoded Internal URLs 
- 
Hardcoded URI Passwords 
- 
Routable IPv4 Addresses 
- 
GitHub Container Registry typos 
- 
Azure SQL Connection String 
- 
Grafana API token 
- 
SendGrid (deprecated) 
- 
Sentry Auth Token 
- 
Sentry API Key 
- 
Sentry DSN secret 
- 
Sentry webpack plugin token 
- 
Sentry Terraform provider token 
- 
Okta token 
- 
Okta API key (precise) 
- 
DataDog API key 
- 
DataDog APP key 
- 
Microsoft Teams incoming webhook 
- 
LaunchDarkly API key 
- 
PagerDuty API/Service key 
- 
Flickr OAuth token 
- 
Flickr API key 
- 
BrowserStack access key 
- 
BrowserStack access key (imprecise) 
- 
BrowserStack token (URL) 
- 
Vercel Access Token (imprecise) 
- 
Vercel Access Token 
- 
Vercel CLI token 
- 
Vercel OAuth client secrets 
- 
UUIDv4 Bearer token (maybe Heroku) 
- 
Azure client secret 
- 
Google private key id (or older API key) 
- 
OpenStack password/API key 
- 
AlienVault OTX API key 
- 
Apollo.io API key 
- 
ClickUp API key 
- 
Amazon MWS Auth Token 
- 
Jenkins API token 
- 
AWS S3 presigned URL 
- 
Azure Access Key (legacy format) 
- 
Azure Shared Access Signature (SAS) Token 
- 
CircleCI API token