Full pattern catalog
131+ credential detectors, curated not regex-scraped.
Each entry has a unique prefix, exact length, and context check — minimizing false positives while never sending the actual value off your Mac.
Cloud & Infrastructure 17 Repositories & Artifacts 26 Observability & Monitoring 11 Chat & Communication 11 Payments & Fintech 12 AI & Machine Learning 7 SaaS & Productivity 9 Databases 3 E-commerce 4 Email & Marketing 4 DevOps & IaC 7 Secrets Vaults 3 Auth & SSO 5 Programmatic Communication 3 Password Managers 2 Cryptographic Keys 7
Cloud & Infrastructure
17 detectors| Service | Token | Prefix / signature |
|---|---|---|
| AWS | Access Key ID | AKIA / ASIA / AGPA / AIDA / AROA / AIPA / ANPA / ANVA |
| AWS | Secret Access Key | contextual (aws_secret, aws_access) |
| AWS Bedrock | Long-lived | ABSK |
| GCP | API Key | AIza |
| GCP | OAuth Client Secret | GOCSPX- |
| Azure | Storage Account Key | AccountKey= |
| Azure AD | Client Secret | ...Q~ |
| DigitalOcean | PAT | dop_v1_ |
| DigitalOcean | Access | doo_v1_ |
| DigitalOcean | Refresh | dor_v1_ |
| Fly.io | Tokens | fo1_ / fm1a_ / fm1r_ / fm2_ |
| Heroku v1 | API Key | UUID + heroku context |
| Heroku v2 | API Key | HRKU-AA |
| Scalingo | API | tk-us- |
| OpenShift | User Token | sha256~ |
| Yandex Cloud | Access | t1. |
| Yandex Cloud | API Key / AWS-style | AQVN / YC |
Repositories & Artifacts
26 detectors| Service | Token | Prefix / signature |
|---|---|---|
| GitHub | Personal Access (classic) | ghp_ |
| GitHub | Personal Access (fine-grained) | github_pat_ |
| GitHub | OAuth | gho_ |
| GitHub | App Token | ghu_ / ghs_ |
| GitHub | Refresh Token | ghr_ |
| GitLab | PAT | glpat- |
| GitLab | Pipeline Trigger | glptt- |
| GitLab | CI/CD Job Token | glcbt- |
| GitLab | Deploy Token | gldt- |
| GitLab | Runner Authentication | glrt- |
| GitLab | Kubernetes Agent | glagent- |
| GitLab | OAuth App Secret | gloas- |
| GitLab | Feed Token | glft- |
| GitLab | Feature Flag Client | glffct- |
| GitLab | SCIM Token | glsoat- |
| GitLab | Incoming Mail Token | glimt- |
| GitLab | RRT | GR1348941 |
| GitLab | Session Cookie | _gitlab_session= |
| Artifactory | API Key | AKCp |
| Artifactory | Reference Token | cmVmd |
| RubyGems | API Token | rubygems_ |
| PyPI | Upload Token | pypi-AgEIcHlwaS5vcmc |
| Clojars | API Token | CLOJARS_ |
| NPM | Access Token | npm_ |
Observability & Monitoring
11 detectors| Service | Token | Prefix / signature |
|---|---|---|
| Databricks | API Token | dapi |
| Doppler | API Token | dp.pt. |
| Dynatrace | API Token | dt0c01. |
| Grafana | Cloud | glc_ |
| Grafana | Service Account | glsa_ |
| New Relic | Browser API | NRJS- |
| New Relic | Insert Key | NRII- |
| New Relic | User API | NRAK- |
| Sentry | User Token | sntryu_ |
| Sentry | Org Token | sntrys_eyJ |
| Sumo Logic | Access ID | su |
Chat & Communication
11 detectors| Service | Token | Prefix / signature |
|---|---|---|
| Slack | Bot Token | xoxb- |
| Slack | User Token | xoxp- |
| Slack | App Token | xapp- |
| Slack | Config Access | xoxe.xoxb- / xoxe.xoxp- |
| Slack | Config Refresh | xoxe- |
| Slack | Legacy | xoxo- / xoxs- |
| Slack | Legacy Workspace | xoxa- / xoxr- |
| Slack | Webhook | hooks.slack.com/services/ |
| Discord | Bot Token | MN... (triple structure) |
| Telegram | Bot API | 123456789:A... |
Payments & Fintech
12 detectors| Service | Token | Prefix / signature |
|---|---|---|
| Stripe | Secret (test/live/prod) | sk_test_ / sk_live_ / sk_prod_ |
| Stripe | Restricted | rk_live_ / rk_test_ |
| Stripe | Publishable | pk_live_ / pk_test_ |
| Square | Access | sq0atp- / EAAA |
| Shippo | Live/Test | shippo_live_ / shippo_test_ |
| Lob | Secret | live_ / test_ |
| Lob | Publishable | live_pub_ / test_pub_ |
| Flutterwave | Secret Test | FLWSECK_TEST- |
| Duffel | API | duffel_test_ / duffel_live_ |
| EasyPost | Prod | EZAK |
| EasyPost | Test | EZTK |
| Beamer | API | b_ |
AI & Machine Learning
7 detectors| Service | Token | Prefix / signature |
|---|---|---|
| OpenAI | Legacy | sk- |
| OpenAI | Project / Svc Account / Admin | sk-proj- / sk-svcacct- / sk-admin- |
| Anthropic | API | sk-ant-api03- |
| Anthropic | Admin | sk-ant-admin01- |
| Perplexity | API | pplx- |
| Hugging Face | Access | hf_ |
| Hugging Face | Organization | api_org_ |
SaaS & Productivity
9 detectors| Service | Token | Prefix / signature |
|---|---|---|
| Linear | API | lin_api_ |
| Notion | API | ntn_ |
| Postman | API | PMAK- |
| Frame.io | API | fio-u- |
| Typeform | API | tfp_ |
| Readme | API | rdme_ |
| Octopus Deploy | API | API- |
| Mapbox | API | pk. |
| Snyk | API | UUID + snyk context |
Databases
3 detectors| Service | Token | Prefix / signature |
|---|---|---|
| PlanetScale | Token | pscale_tkn_ |
| PlanetScale | OAuth | pscale_oauth_ |
| PlanetScale | Password | pscale_pw_ |
E-commerce
4 detectors| Service | Token | Prefix / signature |
|---|---|---|
| Shopify | Access | shpat_ |
| Shopify | Custom App | shpca_ |
| Shopify | Private App | shppa_ |
| Shopify | Shared Secret | shpss_ |
Email & Marketing
4 detectors| Service | Token | Prefix / signature |
|---|---|---|
| Mailgun | Private | key- |
| Mailgun | Public | pubkey- |
| Sendinblue / Brevo | API | xkeysib- |
| SendGrid | API | SG. |
DevOps & IaC
7 detectors| Service | Token | Prefix / signature |
|---|---|---|
| Pulumi | API | pul- |
| Prefect | API | pnu_ |
| Harness | API | pat. / sat. |
| Settlemint | App | sm_aat_ |
| Settlemint | Personal | sm_pat_ |
| Settlemint | Service | sm_sat_ |
| Infracost | API | ico- |
Secrets Vaults
3 detectors| Service | Token | Prefix / signature |
|---|---|---|
| HashiCorp Vault | Batch | hvb. |
| HashiCorp Vault | Service | hvs. |
| HashiCorp Vault | Legacy | s. |
Auth & SSO
5 detectors| Service | Token | Prefix / signature |
|---|---|---|
| JWT | Any | eyJ...eyJ...sig |
| HTTP | Bearer Token | Authorization: Bearer ... |
| HTTP | Basic Auth | Authorization: Basic <b64> |
| URL | Basic Auth in URL | https://user:pass@host |
| Intra42 | Client Secret | s-s4t2ud- / s-s4t2af- |
Programmatic Communication
3 detectors| Service | Token | Prefix / signature |
|---|---|---|
| Twilio | Account SID | AC |
| Twilio | API Key | SK |
| SendGrid | API | SG. |
Password Managers
2 detectors| Service | Token | Prefix / signature |
|---|---|---|
| 1Password | Secret Key | A3- |
| 1Password | Service Account | ops_eyJ |
Cryptographic Keys
7 detectors| Service | Token | Prefix / signature |
|---|---|---|
| PEM | RSA Private Key | -----BEGIN RSA PRIVATE KEY----- |
| PEM | DSA Private Key | -----BEGIN DSA PRIVATE KEY----- |
| PEM | EC Private Key | -----BEGIN EC PRIVATE KEY----- |
| PEM | OpenSSH Private Key | -----BEGIN OPENSSH PRIVATE KEY----- |
| PEM | PGP Private Key | -----BEGIN PGP PRIVATE KEY BLOCK----- |
| PEM | Encrypted Private Key | -----BEGIN ENCRYPTED PRIVATE KEY----- |
| PEM | Generic Private Key | -----BEGIN PRIVATE KEY----- |
Generic heuristics
-
Key=value with sensitive names
password=... / api_key=... / client_secret=...
-
URLs with basic auth
https://user:pass@host
-
vk_ / vk- prefixed tokens (LLM gateways, VKontakte)
vk_..., vk1.a...
Opt-in (entropy-based)
-
High-entropy base64 strings
Shannon ≥ 4.5, off by default
-
High-entropy hex strings
off by default
Want a pattern not on this list? Add a custom rule in app preferences — it stays local to your device and never reports back.