Release Date: July 15, 2025

This release introduces new detectors for GitLab incoming mail tokens, Coze personal access tokens, Tavus API keys, and more. It also includes significant improvements to existing detectors and analyzers, such as those for Zendesk, Sendinblue, and Algolia, enhancing detection accuracy and performance.

New Detectors

• GitLab Incoming Mail Token – Detects tokens used for GitLab incoming mail.
• Coze Personal Access Token – Detects personal access tokens for Coze services.
• Tavus API Key – Recognizes API keys for Tavus services.
• Heroku Platform Key – Detects prefixed variants of Heroku Platform Keys.
• SSH Credentials – New detector ssh_password_with_port allows matching SSH passwords with ports.
• Tableau Cloud PAT – Detects personal access tokens for Tableau Cloud.
• Notion Integration Token v2 – Detects the new Notion token format.

New Checkers These checkers are implemented to verify the detected secrets, adding another layer of security and ensuring their validity and correct application:

• Coze Personal Access Token
• Tavus API Key
• Heroku Platform Key
• Tableau Cloud PAT
• Notion Integration Token v2
• Salesforce OAuth2

Detector Improvements

• Google OAuth2 Keys – Improved precision for Google OAuth2 detector.
• Zendesk Token – ZendeskTokenAnalyzer has been rewritten in Rust for improved performance.
• Sendinblue Key – SendinblueSecretAnalyzer has been rewritten in Rust.
• Generic High Entropy Secret – No longer considers IDs in ServiceNow migration files as secrets.
• Algolia Keys – AlgoliaKeysSecretAnalyzer has been rewritten in Rust.
• Fastly Personal Token – FastlySecretAnalyzer has been rewritten in Rust.
• [Hugging Face User Access] – Migrated analyzer to Rust for improved performance.

Engine Enhancements

• All JWT detectors will now only catch signed JWTs, enhancing security.

  Release Date: June 16, 2025

This release introduces several new detectors for Kubernetes user certificates, NVIDIA API keys, and various other services such as Alchemy, OpenRouter, and Duffel. We've also made improvements to existing detectors for enhanced detection accuracy and reduced false positives.

New Detectors

• Kubernetes User Certificate with Port – Extracts port numbers for Kubernetes user certificates.
• NVIDIA API Key – Detects API keys for NVIDIA services.
• Alchemy API Key v2 – Identifies API keys for Alchemy services.
• OpenRouter API Key – Detects API keys for OpenRouter services.
• Duffel API Key – Recognizes API keys for Duffel services.
• Apify Token – Captures tokens for Apify services.
• Jina API Key – Detects API keys for Jina services.
• Deno Account Token – Identifies tokens for Deno accounts.
• Segment Workspace Key v2 – Detects workspace keys for Segment services.
• Resend API Key – Recognizes API keys for Resend services.
• VKontakte Access Token – Detects access tokens for VKontakte services.
• Fireworks AI API Key – Captures API keys for Fireworks AI services.

New Checkers These checkers are implemented to verify the detected secrets, adding another layer of security and ensuring their validity and correct application:

• Kubernetes User Certificate with Port
• Alchemy API Key v2
• OpenRouter API Key
• Duffel API Key
• Apify Token
• Jina API Key
• Deno Account Token
• Resend API Key
• VKontakte Access Token
• Fireworks AI API Key

Detector Improvements

• Generic High Entropy Secret – Removed AWS ECR images that were misclassified as secrets.
• Google OAuth2 Keys – Improved regex for better detection accuracy.
• Checkout Secret Key – Updated endpoint to avoid deprecated usage.
• Checkout Sandbox Secret Key – Enhanced pattern and updated endpoint for improved accuracy.
• Bunny.net API Key – Fixed checker for better validation.
• Dify API Key – Updated checker endpoint for enhanced detection.

  Release Date: April 29, 2025

As AI adoption accelerates across organizations, securing API keys for platforms like Perplexity AI and Anthropic becomes increasingly critical. This update introduces specialized detectors for these emerging AI services alongside improvements to existing detectors and Azure cloud components.

New Detectors

• Perplexity AI API Keys – Added a new detector for Perplexity AI API keys.
• Azure SignalR Connection String – Introduced a new detector for Azure SignalR Connection Strings.
• Azure Event Grid Access Key – Added new detectors for Azure Event Grid Access Keys and a New Checker for the azure_event_grid_access_key_with_host detector.
• Anthropic Admin Keys – Introduced a new detector and New Checker for Anthropic admin keys.
• GitGuardian Platform Magic Link – Added a new detector for GitGuardian Platform Magic Links.

Detector Improvements

• LDAP Credentials – Checker Upgrade: Improved the LDAP checker to better distinguish between connection errors and invalid credentials. Updated ldap_credentials_assignment_with_dn to remove false positives.
• JSON Web Token – Detector Upgrade: The detector will now detect all JWTs regardless of their contents.
• Cloudinary API Keys – Detector Upgrade: Extended charset of cloudinary_api_key_config to improve recall.
• Auth0 Keys – Detector Upgrade: Improved recall of the detector to detect more domains.
• Claude API Key – Detector Upgrade: Refined regex for Claude API keys.
• Riot Games API Key – Checker Updated: Banlist checker will be deleted.
• LINE Notify Token – Checker Updated: Banlist checker as the service has been discontinued.

  Release Date: March 19, 2025

Bringing enhanced accuracy and broader coverage:

New Detectors

• Azure Logic App Shared Access Signature – New detector for Azure Logic App Shared Access Signature.

Detector Improvements

• LINE Messaging OAuth2 – Removed false positives from the LINE Messaging OAuth2 detector.
• OpenAI API Key – Fixed a bug in the analyzer for OpenAI API Key that prevented it from reporting threads:* scopes.

Detector changes

• FCM API Key – Removed FCM API Key checker since its API was removed.

Miscellaneous

• Add User Agent GitGuardian in HTTPClient class used by analyzers.

  Release Date: February 27, 2025

This update introduces several critical security detectors for popular services, notably expanding OpenAI detection capabilities with new Project API Key, Admin API Key, and improved Service Account detection patterns. The addition of 1Password Service Account Token detection is equally significant, as both these services represent high-value security targets. OpenAI API keys provide access to powerful AI capabilities and could lead to substantial usage charges if compromised, while 1Password tokens could potentially expose entire password vaults containing sensitive credentials across an organization.

New Detectors

• OpenAI Project API Key (v2) – Added support for detecting the new format of OpenAI project API keys.
• OpenAI Admin API Key – New detection capability for OpenAI admin API keys.
• Netlify Token (v2) – Introduced detection for the latest version of Netlify tokens.
• 1Password Service Account Token – New detector added to identify 1Password service account tokens.
• DeepSeek API Key – Now detecting DeepSeek API keys.

Improved Detection

• OpenAI Service Account – Expanded pattern coverage for better identification.
• Rails Master Key – Updated detection rules to minimize false positives.
• GitHub Tokens – Improved recall and validation for GitHub authentication tokens.
• Groq API Key – Enhanced detection rules for greater accuracy.
• Artifactory Token – New checker added to improve detection effectiveness.
• Generic Passwords – Excluded secrets containing ***** as they are likely false positives.
• Dropbox Key – Detector group split into Dropbox Key and Dropbox Access Token for improved granularity.
• FCM API Key – Validity check is no longer available since the API has been removed. While we can no longer retrieve the validity status for FCM secrets, we still detect the keys.

  Release Date: February 11, 2025

New Detectors

• SMB Credentials – New detector smb_uri to detect SMB credentials inside a connection URI.
• Microsoft Azure Storage Connection String – New detector for Azure Blob Storage connection strings and a New Checker.
• DeepSeek API Key – Added detector and New Checker for DeepSeek API.
• Netlify Token v2 – New detector added for Netlify token v2.
• 1Password Service Account Token – New detector added for 1Password service account token.

Detector Improvements

• Microsoft Azure Storage Account Key – Detector Upgrade: Removed a false positive from Microsoft Azure Storage Account Key (example from Microsoft documentation).
• Generic Password – Detector Upgrade: Removed secrets with ***** as they are likely to be false positives.
• Groq API Key – Detector Upgrade: Improved recall for Groq API.
• Netlify Token – Checker Upgrade: Updated checker to match the documentation.

Engine Enhancements

• Enabled HTTPChecker to function without a base URL.
• Network caching has been improved in some analyzers, resulting in fewer HTTP calls.

  Release Date: January 28, 2025

New Detectors

• Artifactory Token With Host
• HubSpot Private App Token

Improved Detection for GitHub Tokens

• Enhanced validation for GitHub Enterprise Token
• Refined rules for various GitHub authentication tokens:
  • OAuth Access Token
  • Personal Access Token
  • Server-to-Server Token
  • GitHub Token
  • User-to-Server Token

Browse all past GitGuardian detection engine releases below, including new and modified detectors.

December 23, 2024​

Secrets Detection​

• Secrets detection engine upgrade to version 2.129:
  • Added 1 detector:
    • GitLab OAuth Application Token
  • Modified 4 detectors:
    • Base64 Generic High Entropy Secret
    • GitGuardian Test Token Checked
    • MSSQL Credentials
    • Zendesk Token

December 12, 2024​

Secrets Detection​

• Secrets detection engine upgrade to version 2.128:
  • Added 4 detectors:
    • Jenkins API token
    • chpasswd Username Password
    • Nessus Agent Key
    • Statsig Server Secret Key
  • Modified 1 detector:
    • FTP credentials assignment

November 18, 2024​

Secrets Detection​

• Secrets detection engine upgrade to version 2.126:
  • Added 4 detectors:
    • X-API-Key Secret
    • Azure Functions App Key Header
    • Azure Functions App Key Query Parameter

November 4, 2024​

Secrets Detection​

• Secrets detection engine upgrade to version 2.125:
  • Added 4 detectors:
    • Cloudflare Tunnel Credentials
    • InfluxDB Token
    • InfluxDB Token with Host
    • Rails Master Key Assignment

October 21, 2024​

Secrets Detection​

• Secrets detection engine upgrade to version 2.124:
  • Added 1 detector:
    • BitBucket App Password
  • Modified 5 detectors:
    • Generic CLI Option Secret
    • MongoDB CLI Credentials
    • MySQL CLI Credentials
    • PostgreSQL CLI Credentials
    • Redis CLI Password

October 7, 2024​

Secrets Detection​

• Secrets detection engine upgrade to version 2.122: Enhance recall and coverage while expanding the range of detectable secrets with new and updated detectors.
  • Added 3 detectors:
    • Atlassian Access Token
    • Bitbucket Access Token
    • Mistral AI API Key
  • Modified 1 detector:
    • Base64 Generic High Entropy Secret

August 26, 2024​

Secrets Detection​

Secrets detection engine upgrade to v2.120: Enhance recall and coverage while expanding the range of detectable secrets with updated detectors.

• Added 2 detectors:
  • Generic Password YAML
  • Buildkite API Token V2
• Modified 6 detectors:
  • Generic Database Assignment
  • Base64 Generic High Entropy Secret
  • Generic Password
  • Username Password
  • DigitalOcean Spaces Keys
  • reCAPTCHA Key

Note concerning the reCAPTCHA Key detector: Due to changes in the behavior of some Google APIs, we are no longer able to ensure the validity of reCaptcha keys. As this detector could be quite "noisy" the validity of the keys was a mandatory prerequisite in the detection flow and this can no longer be the case. We have however improved this detector to be as efficient as possible.

August 14, 2024​

Secrets Detection​

• Secrets detection engine upgrade to version 2.117: Enhance recall and coverage while expanding the range of detectable secrets with new and updated detectors.
  • Added 2 detectors: Serpapi Token and Tavily API Key
  • Modified 1 detector: GitLab Token

July 15, 2024​

Secrets Detection​

• Secrets detection engine upgrade to version 2.116: Enhance recall and coverage while expanding the range of detectable secrets with new and updated detectors.

  Added 1 detector

  • JetBrains TeamCity config value
  Modified 3 generic detectors

  • Base64 Generic High Entropy Secret
  • Base64 Generic High Entropy Secret
  • Generic Password
  Modified 78 specific detectors

  We have enhanced our approach to searching for the prefix linked to the secret, considering more complex scenarios. This allows us to improve recall.

  
  

  • Adafruit IO API Key
  • Airtable API Key v2
  • Alchemy API Key
  • Amazon MWS Token
  • Checkout.com Sandbox API Secret Key
  • CircleCI Personal Token
  • Claude API Key
  • Clojars Deploy Token
  • Cloudinary API key URL
  • Contentful Content Management API Key
  • DigitalOcean OAuth Application Token V1
  • DigitalOcean Personal Access Token V1
  • DigitalOcean Refresh Token V1
  • Discord Webhook URL
  • Docker Swarm Join Token
  • Docker Swarm Unlock Key
  • EasyPost API Key
  • Firebase Cloud Messaging API Key
  • Figma Personal Access Token
  • Flutterwave API Key
  • Frame IO Token
  • GitHub fine-grained personal access token
  • GitHub Oauth Access Token
  • GitHub Personal Access Token
  • GitHub Server-to-server Token
  • GitHub User-to-server Token
  • GitLab Token
  • Grafana Cloud API Key
  • Grafana Service Account Token
  • Groq API Key
  • Heartland API key
  • Langchain API Key
  • Linear API Key
  • Base64 Midtrans API Key
  • Notion Integration Token
  • npm Token Prefixed
  • Nylas API Key
  • OpenAI Project API Key
  • Paystack Key
  • Plaid Access Token
  • PlanetScale OAuth Token
  • Postman API Key
  • PubNub Publish Key
  • Readme API Key
  • Riot Games API Key
  • RubyGems.org API Key
  • Samsara API Key
  • SendinBlue Key v3
  • Sentry Org Auth Token
  • Sentry User Auth Token v2
  • Shippo API token
  • Shopify Generic App Token
  • Shopify Private App Token
  • Slack App Token
  • Slack Configuration Refresh Token
  • Slack Configuration Token
  • Slack User Token
  • Sourcegraph Access Token v3
  • Sourcegraph Enterprise subscription Token
  • Sourcegraph License Key Token
  • Sourcegraph Access Token v2
  • Sourcegraph User Gateway Access Token
  • Sqreen Token
  • Square Access Token
  • Stripe Webhook Secret
  • Tailscale API Key
  • Tailscale OAuth Key
  • Tailscale Pre-Authentication Key
  • Tailscale SCIM Key
  • Tailscale Webhook Key
  • Typeform API Token
  • Ubidots Token
  • Vercel Blob Token
  • WakaTime API Key
  • WePay token
  • Yandex Predictor API Key
  • Zillow Key
  • Zuplo API Key

June 17, 2024​

Secrets Detection​

• Secrets detection engine upgrade to version 2.115: Enhance recall and coverage while expanding the range of detectable secrets with new and updated detectors.
  • 4 detectors added: Sentry Org Auth Token, Sentry User Auth Token v2, Slack Configuration Refresh Token, Slack Configuration Token
  • 5 detectors updated: Equinix Authentication Token, Sentry User Auth Token v1, Signifyd API Key, Slack Bot Token, Slack User Token

June 4, 2024​

Secrets Detection​

• Secrets detection engine upgrade to version 2.114: Enhance recall and coverage while expanding the range of detectable secrets with new and updated detectors.
  • 9 detectors added: ASP.NET Decryption Key, ASP.NET Validation Key, Langchain API Key, OpenAI Project API Key, OpenAI Service Account, Sourcegraph Enterprise Subscription Token, Sourcegraph License Key Token, Sourcegraph User Gateway Access Token, WakaTime API Key
  • 4 detectors updated: Sentry Token, Generic Database assignment, Generic FTP Assignment, Generic Username Password

May 20, 2024​

Secrets Detection​

• Secrets detection engine: upgrade to version 2.113 with the addition of 5 new detectors (Nylas API Key,Sourcegraph Access Token v3, Duplo Cloud API Key,Fernet Key, Vercel Blob Token) and the improvement of 10 detectors (Base64 Generic High Entropy Secret, Generic Database Assignment, Generic High Entropy Secret, PostgreSQL CLI Credentials, Postgres assignment attached port, PostgreSQL Pgpass Credentials, PostgreSQL URI, Sourcegraph Access Token v2, Yelp API Key, Google Gemini API Key).

April 23, 2024​

Secrets Detection​

• Secrets detection engine: upgrade to version 2.111 with the addition of 3 new detectors (Grafana Cloud API Key, Groq API Key, Nx Cloud Token) and the improvement of 1 detector (Generic High Entropy Secret)

April 15, 2024​

Secrets Detection​

• Secrets detection engine: Generic CLI Secret and Generic Database Assignment detectors are now supported and active by default for data sources other than VCS.
• Secrets detection engine: upgrade to version 2.110 with the addition of 4 new detectors (Dropbox Key, Midtrans API Key, Sanity Token, Zuplo API Key) and the improvements of 3 detectors (Artifactory Token, GoCardless API Key, Plivo Auth Tokens).

April 8, 2024​

Secrets Detection​

• Secrets detection engine: upgrade to version 2.109 with the addition of 2 new detectors (Azure Open AI API key, Kubernetes Docker Secret) and the improvement of 4 detectors (GitLab Token, Google API Key, Okta Keys, Slack Bot Token)

March 18, 2024​

Secrets Detection​

• Secrets detection engine: upgrade to version 2.108 with the addition of 3 new detectors (Snowflake API credentials, Replicate User Access Token, Workato API Key) and the improvement of 3 detectors (Rails Master Key, Generic password, Generic High Entropy secret)