Secret Scanning Patterns

Use these patterns in CI/CD pipelines, git hooks, or code review to detect accidentally committed secrets.

Secret TypePattern
AWS Access KeyAKIA[0-9A-Z]{16}
GitHub Tokengh[pousr]_[A-Za-z0-9_]{36,}
Private Key-----BEGIN .* PRIVATE KEY-----
JWT TokeneyJ[A-Za-z0-9_-]+\.eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+
Connection String(postgres|mysql|mongodb)://[^\s]+
Generic API Keyapi[_-]?key['":\s]+['"]([\w\-]{16,64})
Slack Tokenxox[baprs]-[0-9A-Za-z\-]{10,}

관련 도구

🔒 SSL Certificate Checker Check SSL certificate status & expiry 🧮 Password Entropy Calculator Calculate password entropy & strength 🛡 XSS Reference XSS payloads and defense reference 🗃 SQL Injection Reference SQL injection testing & defense guide 🛡 CSP Policy Generator Generate Content Security Policy 🔑 OAuth 2.0 Builder Build OAuth 2.0 auth request params 🔍 Sensitive Info Detector Detect secrets & passwords in text 🔒 Hash Algorithm Reference Hash algorithm security reference 🔐 SSL/TLS Reference SSL/TLS versions & cipher suites ref 🎫 JWT Best Practices JWT security guide & common errors 🌐 CORS Security Guide CORS cross-origin security practices Rate Limiting Patterns Token bucket, sliding window algos