감지된 시크릿
Tier: Free, Premium, Ultimate
Offering: GitLab.com, GitLab Self-Managed, GitLab Dedicated
Offering: GitLab.com, GitLab Self-Managed, GitLab Dedicated
요약
이 표는 다음에 의해 감지된 시크릿을 나열합니다: 시크릿 감지 규칙은 기본 규칙셋에서 업데이트됩니다. 새 시크릿 감지 규칙을 추가하려면 모든 GitLab 사용자를 위한 새 감지 규칙을 제안하거나 특정 프로젝트에 맞게 규칙셋을 사용자 정의할 수 있습니다.
이 표는 다음에 의해 감지된 시크릿을 나열합니다:
- 파이프라인 시크릿 감지
- 클라이언트 측 시크릿 감지
- 시크릿 푸시 보호
시크릿 감지 규칙은 기본 규칙셋에서 업데이트됩니다. 제거되거나 업데이트된 패턴이 있는 감지된 시크릿은 분류할 수 있도록 열린 상태로 유지됩니다.
새 시크릿 감지 규칙을 추가하려면 모든 GitLab 사용자를 위한 새 감지 규칙을 제안하거나 특정 프로젝트에 맞게 규칙셋을 사용자 정의할 수 있습니다.
| 설명 | ID | 파이프라인 시크릿 감지 | 클라이언트 측 시크릿 감지 | 시크릿 푸시 보호 |
|---|---|---|---|---|
| Adafruit IO Key | AdafruitIOKey | ✅ | ❌ | ✅ |
| Adobe Client ID (OAuth Web) | Adobe Client ID (Oauth Web) | ✅ | ❌ | ❌ |
| Adobe client secret | Adobe Client Secret | ✅ | ❌ | ✅ |
| Adobe IMS Access Token | AdobeIMSAccessToken | ✅ | ❌ | ❌ |
| Age secret key | Age secret key | ✅ | ❌ | ❌ |
| Aiven Service Password | AivenServicePassword | ✅ | ❌ | ✅ |
| Alibaba AccessKey ID | Alibaba AccessKey ID | ✅ | ❌ | ❌ |
| Alibaba Secret Key | Alibaba Secret Key | ✅ | ❌ | ❌ |
| Amazon OAuth Client ID | AmazonOAuthClientID | ✅ | ❌ | ✅ |
| Anthropic API key | anthropic_key | ✅ | ✅ | ✅ |
| Artifactory API Key | ArtifactoryApiKey | ✅ | ❌ | ✅ |
| Artifactory Identity Token | ArtifactoryIdentityToken | ✅ | ❌ | ✅ |
| Asana client ID | Asana Client ID | ✅ | ❌ | ❌ |
| Asana client secret | Asana Client Secret | ✅ | ❌ | ❌ |
| Asana Personal Access Token V1 | AsanaPersonalAccessTokenV1 | ✅ | ❌ | ✅ |
| Asana Personal Access Token V2 | AsanaPersonalAccessTokenV2 | ✅ | ❌ | ✅ |
| Atlassian API Key | AtlassianApiKey | ✅ | ❌ | ✅ |
| Atlassian API token | Atlassian API token | ✅ | ❌ | ❌ |
| Atlassian User API Token | AtlassianUserApiToken | ✅ | ❌ | ✅ |
| Auth0 Client Secret | Auth0ClientSecret | ✅ | ❌ | ❌ |
| AWS Access Key ID | AWS | ✅ | ❌ | ✅ |
| AWS Access Secret Key | AWSSecretAccessKey | ✅ | ❌ | ❌ |
| AWS Session Token | AWSSessionToken | ✅ | ❌ | ✅ |
| AWS Cognito Identity Pool ID | AWSCognitoIdentityPoolID | ✅ | ❌ | ❌ |
| AWS Bedrock Key | AWSBedrockKey | ✅ | ❌ | ❌ |
| AWS Bedrock Short-lived Key | AWSBedrockShortLivedKey | ✅ | ❌ | ✅ |
| Azure API Management Gateway Key | AzureAPIManagementGatewayKey | ✅ | ❌ | ✅ |
| Azure API Management Direct Key | AzureAPIManagementDirectKey | ✅ | ❌ | ❌ |
| Azure App Config | AzureAppConfigConnectionString | ✅ | ❌ | ✅ |
| Azure Communication Services | AzureCommServicesConnectionString | ✅ | ❌ | ✅ |
| Azure Cosmos DB Credentials | AzureCosmosDBCredentials | ✅ | ❌ | ❌ |
| Azure Entra Client Secret | AzureEntraClientSecret | ✅ | ❌ | ✅ |
| Azure Entra Client ID Token | AzureEntraIDToken | ✅ | ❌ | ✅ |
| Azure EventGrid Access Key | AzureEventGridAccessKey | ✅ | ❌ | ❌ |
| Azure Functions API Key | AzureFunctionsAPIKey | ✅ | ❌ | ✅ |
| Azure Logic App SAS | AzureLogicAppSAS | ✅ | ❌ | ✅ |
| Azure OpenAI API Key | AzureOpenAIAPIKey | ✅ | ❌ | ❌ |
| Azure Personal Access Token | AzurePersonalAccessToken | ✅ | ❌ | ❌ |
| Azure SignalR Access Key | AzureSignalRAccessKey | ✅ | ❌ | ✅ |
| Beamer API token | Beamer API token | ✅ | ❌ | ❌ |
| Bitbucket client ID | Bitbucket client ID | ✅ | ❌ | ❌ |
| Bitbucket client secret | Bitbucket client secret | ✅ | ❌ | ❌ |
| Brevo API token | Sendinblue API token | ✅ | ❌ | ✅ |
| Brevo SMTP token | Sendinblue SMTP token | ✅ | ❌ | ✅ |
| Canada Digital Service Notify API Key | CDSCanadaNotifyAPIKey | ✅ | ❌ | ✅ |
| CircleCI access token | CircleCI access tokens | ✅ | ❌ | ✅ |
| Clojars deploy token | Clojars API token | ✅ | ❌ | ❌ |
| Contentful delivery API token | Contentful delivery API token | ✅ | ❌ | ❌ |
| Contentful personal access token | ContentfulPersonalAccessToken | ✅ | ❌ | ✅ |
| Contentful preview API token | Contentful preview API token | ✅ | ❌ | ❌ |
| Databricks API token | Databricks API token | ✅ | ❌ | ❌ |
| DataDog API Key | DataDogAPIKey | ✅ | ❌ | ❌ |
| DigitalOcean OAuth access token | digitalocean-access-token | ✅ | ❌ | ❌ |
| DigitalOcean personal access token | digitalocean-pat | ✅ | ❌ | ❌ |
| DigitalOcean refresh token | digitalocean-refresh-token | ✅ | ❌ | ❌ |
| Discord API key | Discord API key | ✅ | ❌ | ❌ |
| Discord client ID | Discord client ID | ✅ | ❌ | ❌ |
| Discord client secret | Discord client secret | ✅ | ❌ | ❌ |
| Docker Personal Access Token | DockerPersonalAccessToken | ✅ | ❌ | ✅ |
| Doppler API token | Doppler API token | ✅ | ❌ | ✅ |
| Doppler Service token | Doppler Service token | ✅ | ❌ | ✅ |
| Dropbox API secret/key | Dropbox API secret/key | ✅ | ❌ | ❌ |
| Dropbox App Access Token | DropboxAppAccessToken | ✅ | ❌ | ✅ |
| Dropbox long lived API token | Dropbox long lived API token | ✅ | ❌ | ❌ |
| Dropbox short lived API token | Dropbox short lived API token | ✅ | ❌ | ✅ |
| Duffel API token | Duffel API token | ✅ | ❌ | ❌ |
| Dynatrace Platform Token | DynatracePlatformToken | ✅ | ❌ | ❌ |
| EasyPost production API key | EasyPost API token | ✅ | ❌ | ❌ |
| EasyPost test API key | EasyPost test API token | ✅ | ❌ | ❌ |
| Facebook token | Facebook token | ✅ | ❌ | ❌ |
| Fastly API user or automation token | Fastly API token | ✅ | ❌ | ❌ |
| Figma Personal Access Token | FigmaPersonalAccessToken | ✅ | ❌ | ✅ |
| Finicity API token | Finicity API token | ✅ | ❌ | ❌ |
| Finicity client secret | Finicity client secret | ✅ | ❌ | ❌ |
| Flutterwave Prod Encrypted Key | FlutterwaveProdEncryptedKey | ✅ | ❌ | ✅ |
| Flutterwave test encrypted key | Flutterwave encrypted key | ✅ | ❌ | ❌ |
| Flutterwave Prod Public Key | FlutterwaveProdPublicKey | ✅ | ❌ | ✅ |
| Flutterwave test public key | Flutterwave public key | ✅ | ❌ | ❌ |
| Flutterwave Prod Secret Key | FlutterwaveProdSecretKey | ✅ | ❌ | ✅ |
| Flutterwave test secret key | Flutterwave secret key | ✅ | ❌ | ❌ |
| Frame.io API token | Frame.io API token | ✅ | ❌ | ❌ |
| GCP API key | GCP API key | ✅ | ❌ | ❌ |
| GCP OAuth client secret | GCP OAuth client secret | ✅ | ❌ | ✅ |
| GCP Vertex Express Mode Key | GCPVertexExpressModeKey | ✅ | ❌ | ✅ |
| GitHub app token | Github App Token | ✅ | ❌ | ✅ |
| GitHub App Installation Token | GithubAppInstallationToken | ✅ | ❌ | ✅ |
| GitHub Fine Grained Personal Access Token | GithubFineGrainedPersonalAccessToken | ✅ | ❌ | ✅ |
| GitHub OAuth Access Token | Github OAuth Access Token | ✅ | ❌ | ✅ |
| GitHub personal access token (classic) | Github Personal Access Token | ✅ | ❌ | ✅ |
| GitHub refresh token | Github Refresh Token | ✅ | ❌ | ✅ |
| GitLab CI/CD job token | gitlab_ci_build_token | ✅ | ✅ | ❌ |
| GitLab deploy token | gitlab_deploy_token | ✅ | ✅ | ❌ |
| GitLab Feature Flags Client Token | None | ❌ | ✅ | ❌ |
| GitLab feed token | gitlab_feed_token | ✅ | ✅ | ❌ |
| GitLab feed token v2 | gitlab_feed_token_v2 | ✅ | ✅ | ✅ |
| GitLab incoming email token | gitlab_incoming_email_token | ✅ | ✅ | ✅ |
| GitLab Kubernetes agent token | gitlab_kubernetes_agent_token | ✅ | ✅ | ✅ |
| GitLab OAuth application secret | gitlab_oauth_app_secret | ✅ | ✅ | ✅ |
| GitLab personal access token | gitlab_personal_access_token | ✅ | ✅ | ✅ |
| GitLab Personal Access Token (routable) | gitlab_personal_access_token_routable | ✅ | ✅ | ✅ |
| GitLab pipeline trigger token | gitlab_pipeline_trigger_token | ✅ | ✅ | ✅ |
| GitLab runner authentication token | gitlab_runner_auth_token | ✅ | ✅ | ✅ |
| GitLab runner registration token | gitlab_runner_registration_token | ✅ | ❌ | ✅ |
| GitLab SCIM OAuth token | gitlab_scim_oauth_token | ✅ | ✅ | ❌ |
| GoCardless API token | GoCardless API token | ✅ | ❌ | ❌ |
| Google API key | GCP API key | ✅ | ❌ | ❌ |
| Google (GCP) service account | Google (GCP) Service-account | ✅ | ❌ | ✅ |
| Grafana Service Account Token | GrafanaServiceAccountToken | ✅ | ❌ | ✅ |
| Grafana Cloud Access Policy Token | GrafanaCloudAccessPolicyToken | ✅ | ❌ | ✅ |
| HashiCorp Terraform API token | Hashicorp Terraform user/org API token | ✅ | ❌ | ✅ |
| HashiCorp Vault batch token | Hashicorp Vault batch token | ✅ | ❌ | ✅ |
| HashiCorp Vault Service Token | HashicorpVaultServiceToken | ✅ | ❌ | ✅ |
| Heroku API key or application authorization token | Heroku API Key | ✅ | ❌ | ✅ |
| Highnote Live Secret Key | HighnoteLiveSecretKey | ✅ | ❌ | ✅ |
| Highnote Test Secret Key | HighnoteTestSecretKey | ✅ | ❌ | ✅ |
| HubSpot private app API token | Hubspot API token | ✅ | ❌ | ✅ |
| Hugging Face User Access Token | HuggingFaceUserAccessToken | ✅ | ❌ | ✅ |
| Instagram access token | Instagram access token | ✅ | ❌ | ❌ |
| Intercom API token | Intercom API token | ✅ | ❌ | ❌ |
| Intercom App Access Token | IntercomAppAccessToken | ✅ | ❌ | ✅ |
| Intercom client secret or client ID | Intercom client secret/ID | ✅ | ❌ | ❌ |
| Ionic personal access token | Ionic API token | ✅ | ❌ | ❌ |
| JFrog Platform Access Tokens | JfrogPlatformAccessToken | ✅ | ❌ | ❌ |
| Kubernetes Service Account Token | KubernetesServiceAccToken | ✅ | ❌ | ✅ |
| LangChain API Key | LangChainAPIKey | ✅ | ❌ | ✅ |
| Linear API token | Linear API token | ✅ | ❌ | ✅ |
| Linear client secret or ID (OAuth 2.0) | Linear client secret/ID | ✅ | ❌ | ❌ |
| LinkedIn client ID | Linkedin Client ID | ✅ | ❌ | ❌ |
| LinkedIn client secret | Linkedin Client secret | ✅ | ❌ | ❌ |
| Lob API key | Lob API Key | ✅ | ❌ | ❌ |
| Lob publishable API key | Lob Publishable API Key | ✅ | ❌ | ❌ |
| Mailchimp API key | Mailchimp API key | ✅ | ❌ | ✅ |
| Mailgun private API token | Mailgun private API token | ✅ | ❌ | ✅ |
| Mailgun public verification key | Mailgun public validation key | ✅ | ❌ | ❌ |
| Mailgun webhook signing key | Mailgun webhook signing key | ✅ | ❌ | ✅ |
| Mapbox API token | Mapbox API token | ✅ | ❌ | ❌ |
| Mapbox Secret API Token | MapboxSecretApiToken | ✅ | ❌ | ❌ |
| MaxMind License Key | MaxMind License Key | ✅ | ❌ | ✅ |
| MessageBird access key | messagebird-api-token | ✅ | ❌ | ❌ |
| MessageBird API client ID | MessageBird API client ID | ✅ | ❌ | ❌ |
| Meta access token | Meta access token | ✅ | ❌ | ❌ |
| New Relic ingest browser API token | New Relic ingest browser API token | ✅ | ❌ | ❌ |
| New Relic ingest browser API token v2 | New Relic ingest browser API token v2 | ✅ | ❌ | ✅ |
| New Relic REST API Key | New Relic REST API Key | ✅ | ❌ | ✅ |
| New Relic user API ID | New Relic user API ID | ✅ | ❌ | ✅ |
| New Relic user API key | New Relic user API Key | ✅ | ❌ | ✅ |
| npm access token | npm access token | ✅ | ❌ | ✅ |
| Oculus access token | Oculus access token | ✅ | ❌ | ❌ |
| Okta API Token | OktaAPIToken | ✅ | ❌ | ✅ |
| Okta Client Secret | OktaClientSecret | ✅ | ❌ | ❌ |
| Onfido Live API Token | Onfido Live API Token | ✅ | ❌ | ✅ |
| OpenAI API key | open ai token | ✅ | ❌ | ❌ |
| OpenAI Project Key | OpenAiProjectKey | ✅ | ❌ | ✅ |
| OpenAI Service Account Key | OpenAiServiceAccountKey | ✅ | ❌ | ✅ |
| Password in URL | Password in URL | ✅ | ❌ | ❌ |
| PGP private key | PGP private key | ✅ | ❌ | ❌ |
| PKCS8 private key | PKCS8 private key | ✅ | ❌ | ❌ |
| PlanetScale API token | Planetscale API token | ✅ | ❌ | ✅ |
| PlanetScale App Secret | PlanetscaleAppSecret | ✅ | ❌ | ✅ |
| PlanetScale OAuth Secret | PlanetscaleOAuthSecret | ✅ | ❌ | ✅ |
| PlanetScale password | Planetscale password | ✅ | ❌ | ✅ |
| PostHog Personal API key | PostHogPersonalAPIkey | ✅ | ❌ | ✅ |
| PostHog Project API key | PostHogProjectAPIkey | ✅ | ❌ | ✅ |
| Postman API token | Postman API token | ✅ | ❌ | ❌ |
| Postman Collection Access Key | PostmanCollectionAccessKey | ✅ | ❌ | ✅ |
| Pulumi API token | Pulumi API token | ✅ | ❌ | ❌ |
| PyPi upload token | PyPI upload token | ✅ | ❌ | ✅ |
| RSA private key | RSA private key | ✅ | ❌ | ❌ |
| RubyGems API token | Rubygem API token | ✅ | ❌ | ✅ |
| Segment public API token | Segment Public API token | ✅ | ❌ | ✅ |
| SendGrid API token | Sendgrid API token | ✅ | ❌ | ✅ |
| Shippo API token | Shippo API token | ✅ | ❌ | ✅ |
| Shippo Test API token | Shippo Test API token | ✅ | ❌ | ❌ |
| Shopify Partner API Token | ShopifyPartnerAPIToken | ✅ | ❌ | ✅ |
| Shopify personal access token | Shopify access token | ✅ | ❌ | ✅ |
| Shopify private app access token | Shopify private app access token | ✅ | ❌ | ✅ |
| Shopify Custom App Access Token | Shopify custom app access token | ✅ | ❌ | ✅ |
| Shopify shared secret | Shopify shared secret | ✅ | ❌ | ✅ |
| Slack App Configuration Token | SlackAppConfigurationToken | ✅ | ❌ | ✅ |
| Slack App Configuration Refresh Token | SlackAppConfigurationRefreshToken | ✅ | ❌ | ✅ |
| Slack app level token | SlackAppLevelToken | ✅ | ❌ | ✅ |
| Slack bot user OAuth token | Slack token | ✅ | ❌ | ✅ |
| Slack webhook | Slack Webhook | ✅ | ❌ | ❌ |
| SonarQube Global Analysis Token | SonarQubeGlobalAnalysisToken | ✅ | ❌ | ✅ |
| SonarQube Project Analysis Token | SonarQubeProjectAnalysisToken | ✅ | ❌ | ✅ |
| SonarQube User Token | SonarQubeUserToken | ✅ | ❌ | ✅ |
| Splunk Authentication Token | SplunkAuthToken | ✅ | ❌ | ✅ |
| Splunk HTTP Event Collector (HEC) Token | SplunkHECToken | ✅ | ❌ | ❌ |
| SSH (DSA) private key | SSH (DSA) private key | ✅ | ❌ | ❌ |
| SSH (EC) private key | SSH (EC) private key | ✅ | ❌ | ❌ |
| SSH private key | SSH private key | ✅ | ❌ | ❌ |
| Stripe live restricted key | StripeLiveRestrictedKey | ✅ | ❌ | ✅ |
| Stripe live secret key | StripeLiveSecretKey | ✅ | ❌ | ✅ |
| Stripe Live Short Secret Key | StripeLiveShortSecretKey | ✅ | ❌ | ✅ |
| Stripe publishable live key | StripeLivePublishableKey | ✅ | ❌ | ❌ |
| Stripe publishable test key | StripeTestPublishableKey | ✅ | ❌ | ❌ |
| Stripe restricted test key | StripeTestRestrictedKey | ✅ | ❌ | ❌ |
| Stripe secret test key | StripeTestSecretKey | ✅ | ❌ | ❌ |
| Stripe Test Short Secret Key | StripeTestShortSecretKey | ✅ | ❌ | ✅ |
| Tailscale OAuth Client Secret | TailscaleOauthClientSecret | ✅ | ❌ | ✅ |
| Tailscale API Access Token | TailscaleApiAccessToken | ✅ | ❌ | ✅ |
| Tailscale Personal Auth Key | TailscalePersonalAuthKey | ✅ | ❌ | ✅ |
| Tencent Cloud Secret ID | TencentCloudSecretID | ✅ | ❌ | ✅ |
| Twilio Account SID | Twilio Account SID | ✅ | ❌ | ✅ |
| Twilio API key | Twilio API Key | ✅ | ❌ | ✅ |
| Twitch OAuth client secret | Twitch API token | ✅ | ❌ | ❌ |
| Typeform personal access token | Typeform API token | ✅ | ❌ | ❌ |
| Volcengine Access Key ID | VolcengineAccessKeyID | ✅ | ❌ | ✅ |
| WakaTime API Key | WakaTimeAPIKey | ✅ | ❌ | ✅ |
| X token | Twitter token | ✅ | ❌ | ❌ |
| Yandex.Cloud AWS API compatible access secret | Yandex.Cloud AWS API compatible Access Secret | ✅ | ❌ | ❌ |
| Yandex.Cloud API Key | Yandex.Cloud API Key | ✅ | ❌ | ❌ |
| Yandex.Cloud IAM cookie v1-1 | Yandex.Cloud IAM Cookie v1 - 1 | ✅ | ❌ | ❌ |
| Yandex.Cloud IAM cookie v1-3 | Yandex.Cloud IAM Cookie v1 - 3 | ✅ | ❌ | ❌ |