custom-pattern-secrets

Custom Secret Scanning Patterns repository.

Patterns

Commonly Used Secrets / Passwords

• Common Passwords Shortlist

Configuration Secrets

• Hardcoded Database Passwords

• Hardcoded Spring SQL passwords

• Django Secret Key

• GitHub Actions SHA Checker

• .NET Configuration file

• .NET MachineKey

Database passwords

• Database Connection String (1)

• Database Connection String (2)

• Database Connection String (3)

• TSQL CREATE LOGIN/USER

Generic Secrets / Passwords

• Generic Passwords

• UUIDs

• Bearer Tokens

• OAuth client secret and ID pair

JWT

• JWT

Password stores

• Arc

Personally identifiable information (PII)

• Credit Cards

• Credit Cards - Visa

• Credit Cards - MasterCard

• Credit Cards - American Express

• Credit Cards - Discover

• IBAN

RSA Keys

• Generic RSA keys

• SSH Private Keys

• GPG Private Key

URI / URL Custom Patterns

• Hardcoded Internal Emails

• Hardcoded Internal URLs

• Hardcoded URI Passwords

• Routable IPv4 Addresses

• GitHub Container Registry typos

Vendors

• Azure SQL Connection String

• Grafana API token

• SendGrid (deprecated)

• Sentry Auth Token

• Sentry API Key

• Sentry DSN secret

• Sentry webpack plugin token

• Sentry Terraform provider token

• Okta token

• DataDog API key

• DataDog APP key

• Microsoft Teams incoming webhook

• LaunchDarkly API key

• PagerDuty API/Service key

• Flickr OAuth token

• Flickr API key

• BrowserStack access key

• BrowserStack access key (imprecise)

• BrowserStack token (URL)

• Vercel Access Token (imprecise)

• Vercel Access Token

• Vercel CLI token

• Vercel OAuth client secrets

• MongoDB connection string

• UUIDv4 Bearer token (maybe Heroku)

• Azure client secret