Source Code Secret Detection

4 min

secret detection overview secret detection is the process of identifying sensitive information related to your organisation that may be unintentionally exposed on platforms like github or dockerhub we scan all github and dockerhub events that flare finds using a set of rules designed to detect patterns that match known secret formats the types of secrets we look for are listed below generic vs non generic secrets some secrets are classified as generic these are common patterns that can easily trigger false positives, making them noisier and less reliable indicators of a real leak because of this, events are scored differently depending on whether the detected secrets are generic or not non generic secrets — if we detect one or more non generic secrets in an event, we raise its score to indicate greater risk only generic secrets — if all detected secrets are generic, we lower the event’s score to reduce unnecessary alerts this approach helps prioritise real threats while minimising noise from harmless matches querying for secrets “i want to find all flare events that contain secrets” how to do it source filtering restrict your search to source code by specifying the source query contains secrets\ true dive deeper you can specify which source you want to explore using metadata source\ dockerhub or metadata source\ driller github “want to find all flare events that contain a certain secret” how to do it source filtering restrict your search to source code by specifying the source query secrets metadata type \[select from list below] dive deeper you can specify which source you want to explore using metadata source\ dockerhub or metadata source\ driller github secret types adafruit io key — adafruit io key adobe oauth client secret — adobe oauth client secret age recipient x25519 public key — age recipient (x25519 public key) age identity x22519 secret key — age identity (x22519 secret key) anthropic api key — anthropic api key aws appsync api key — aws appsync api key amazon resource name — amazon resource name artifactory api key — artifactory api key auth0 application credentials — auth0 application credentials aws api key — aws api key aws secret access key — aws secret access key aws account id — aws account id aws session token — aws session token amazon mws auth token — amazon mws auth token aws api credentials — aws api credentials azure connection string — azure connection string azure app configuration connection string — azure app configuration connection string azure personal access token — azure personal access token bitbucket app password — bitbucket app password blynk device access token — blynk device access token blynk organization access token — blynk organization access token blynk organization client credentials — blynk organization client credentials codeclimate reporter id — codeclimate reporter id crates io api key — crates io api key databricks personal access token — databricks personal access token digitalocean application access token — digitalocean application access token digitalocean personal access token — digitalocean personal access token digitalocean refresh token — digitalocean refresh token django secret key — django secret key docker hub personal access token — docker hub personal access token doppler cli token — doppler cli token doppler personal token — doppler personal token doppler service token — doppler service token doppler service account token — doppler service account token doppler scim token — doppler scim token doppler audit token — doppler audit token dropbox access token — dropbox access token dependency track api key — dependency track api key dynatrace token — dynatrace token facebook secret key — facebook secret key facebook access token — facebook access token figma personal access token — figma personal access token firecrawl api key — firecrawl api key google cloud storage bucket — google cloud storage bucket generic secret — generic secret connection string in net configuration — connection string in net configuration generic password — generic password generic username and password — generic username and password generic api key — generic api key credentials in net system net networkcredential — credentials in net system net networkcredential credentials in net system directoryservices directoryentry — credentials in net system directoryservices directoryentry sensitive value in net configuration — sensitive value in net configuration gitalk oauth credentials — gitalk oauth credentials github personal access token — github personal access token github oauth access token — github oauth access token github app token — github app token github refresh token — github refresh token github client id — github client id github secret key — github secret key gitlab runner registration token — gitlab runner registration token gitlab personal access token — gitlab personal access token gitlab pipeline trigger token — gitlab pipeline trigger token google client id — google client id google oauth client secret — google oauth client secret google oauth access token — google oauth access token google api key — google api key google oauth credentials — google oauth credentials hardcoded gradle credentials — hardcoded gradle credentials grafana api token — grafana api token grafana cloud api token — grafana cloud api token grafana service account token — grafana service account token groq api key — groq api key hashicorp vault service token — hashicorp vault service token hashicorp vault batch token — hashicorp vault batch token hashicorp vault recovery token — hashicorp vault recovery token hashicorp vault unseal key — hashicorp vault unseal key heroku api key — heroku api key http basic authentication — http basic authentication http bearer token — http bearer token huggingface user access token — huggingface user access token jenkins token or crumb — jenkins token or crumb jenkins setup admin password — jenkins setup admin password jina search foundation api key — jina search foundation api key json web token secret — json web token secret kagi api key — kagi api key password hash kerberos — password hash (kerberos 5, etype 23, as rep) kubernetes bootstrap token — kubernetes bootstrap token linkedin client id — linkedin client id linkedin secret key — linkedin secret key mailchimp api key — mailchimp api key mailgun api key — mailgun api key mapbox public access token — mapbox public access token mapbox secret access token — mapbox secret access token mapbox temporary access token — mapbox temporary access token credentials in mongodb connection string — credentials in mongodb connection string microsoft teams webhook — microsoft teams webhook netrc credentials — netrc credentials new relic license key — new relic license key new relic api service key — new relic api service key new relic admin api key — new relic admin api key new relic insights insert key — new relic insights insert key new relic insights query key — new relic insights query key new relic rest api key — new relic rest api key new relic pixie api key — new relic pixie api key new relic pixie deploy key — new relic pixie deploy key npm access token — npm access token (fine grained) nuget api key — nuget api key credentials in odbc connection string — credentials in odbc connection string okta api token — okta api token openai api key — openai api key particle io access token — particle io access token pem encoded private key — pem encoded private key phpmailer credentials — phpmailer credentials credentials in postgresql connection uri — credentials in postgresql connection uri postman api key — postman api key postmark api token — postmark api token credentials in psexec invocation — credentials in psexec invocation password hash md5crypt — password hash (md5crypt) password hash bcrypt — password hash (bcrypt) password hash sha256crypt — password hash (sha256crypt) password hash sha512crypt — password hash (sha512crypt) password hash cisco ios pbkdf2 with sha256 — password hash (cisco ios pbkdf2 with sha256) pypi upload token — pypi upload token react app username — react app username react app password — react app password rubygems api key — rubygems api key aws s3 bucket — aws s3 bucket salesforce access token — salesforce access token sauce token — sauce token segment public api token — segment public api token sendgrid api key — sendgrid api key shopify domain — shopify domain shopify app secret — shopify app secret shopify access token — shopify access token slack bot token — slack bot token slack webhook — slack webhook slack user token — slack user token slack app token — slack app token slack legacy bot token — slack legacy bot token sonarqube token — sonarqube token sourcegraph access token — sourcegraph access token square access token — square access token square oauth secret — square oauth secret stackhawk api key — stackhawk api key stripe api key — stripe api key stripe api test key — stripe api test key tavily api key — tavily api key teamcity api token — teamcity api token telegram bot token — telegram bot token thingsboard access token — thingsboard access token thingsboard provision device key → thingsboard provision device key thingsboard provision device secret → thingsboard provision device secret truenas api key websocket → truenas api key (websocket) truenas api key rest api → truenas api key (rest api) twilio api key → twilio api key twitter client id → twitter client id twitter secret key → twitter secret key credentials in connect viserver invocation → credentials in connect viserver invocation wireguard private key → wireguard private key wireguard preshared key → wireguard preshared key

Open Web

Leaked Credentials