Release Date: August 7, 2025

This release focuses on enhancing the GitLab token detector and improving our CI processes.

Detector Improvements

• GitLab Token – Detector Upgrade: Broader regex for gitlab_personal_token_v2 to match longer tokens, enhancing detection capabilities for GitLab personal tokens.

  Release Date: July 25, 2025

This release introduces new detectors for Weights & Biases API keys and Mercado Pago access tokens, along with significant improvements to existing detectors including Azure subscription keys and Bitbucket access tokens.

New Detectors

• Weights & Biases API Key – Detects API keys for Weights & Biases services.
• Bitbucket App Password – New detector for Bitbucket app passwords to improve recall.
• Mercado Pago Access Token – Detects access tokens for Mercado Pago payment services.

New Checkers These checkers are implemented to verify the detected secrets, adding another layer of security and ensuring their validity and correct application:

• Mercado Pago Access Token

Detector Improvements

• Azure Subscription Key – Improved precision of Azure subscription key detector.
• X AI API Key – Properly report disabled API keys as invalid.
• Bitbucket Access Token – Restricted the detector to detect only Bitbucket repositories access tokens.
• CodeClimate Key – Deprecated CodeClimate key checker.

  Release Date: July 15, 2025

This release introduces new detectors for GitLab incoming mail tokens, Coze personal access tokens, Tavus API keys, and more. It also includes significant improvements to existing detectors and analyzers, such as those for Zendesk, Sendinblue, and Algolia, enhancing detection accuracy and performance.

New Detectors

• GitLab Incoming Mail Token – Detects tokens used for GitLab incoming mail.
• Coze Personal Access Token – Detects personal access tokens for Coze services.
• Tavus API Key – Recognizes API keys for Tavus services.
• Heroku Platform Key – Detects prefixed variants of Heroku Platform Keys.
• SSH Credentials – New detector ssh_password_with_port allows matching SSH passwords with ports.
• Tableau Cloud PAT – Detects personal access tokens for Tableau Cloud.
• Notion Integration Token v2 – Detects the new Notion token format.

New Checkers These checkers are implemented to verify the detected secrets, adding another layer of security and ensuring their validity and correct application:

• Coze Personal Access Token
• Tavus API Key
• Heroku Platform Key
• Tableau Cloud PAT
• Notion Integration Token v2
• Salesforce OAuth2

Detector Improvements

• Google OAuth2 Keys – Improved precision for Google OAuth2 detector.
• Zendesk Token – ZendeskTokenAnalyzer has been rewritten in Rust for improved performance.
• Sendinblue Key – SendinblueSecretAnalyzer has been rewritten in Rust.
• Generic High Entropy Secret – No longer considers IDs in ServiceNow migration files as secrets.
• Algolia Keys – AlgoliaKeysSecretAnalyzer has been rewritten in Rust.
• Fastly Personal Token – FastlySecretAnalyzer has been rewritten in Rust.
• [Hugging Face User Access] – Migrated analyzer to Rust for improved performance.

Engine Enhancements

• All JWT detectors will now only catch signed JWTs, enhancing security.

  Release Date: July 2, 2025

This release introduces new detectors for AI71 and AMP API tokens, along with significant improvements to existing detectors and analyzers, such as those for GitHub, Slack, and DigitalOcean, enhancing detection accuracy and performance.

New Detectors

• AI71 API Key – Detects API keys for AI71 services.
• AMP API Token – Recognizes API tokens for AMP services.

New Checkers These checkers are implemented to verify the detected secrets, adding another layer of security and ensuring their validity and correct application:

• AI71 API Key
• AMP API Token

Detector Improvements

• Kubernetes Docker Secret – Enhanced detection for kubernetes.io/dockercfg secrets with more precise regex for JWTs.
• MySQL Assignment – Restricted the maximum number of secrets per document to prevent combinatorial explosion.
• Sourcegraph Token – Updated regex for sourcegraph_access_token_v3 as per customer request.
• GitHub Access Token – GitHub classic analyzer has been rewritten in Rust for improved performance.
• HashiCorp Vault Token – Improved precision for HashiCorp Vault token detection.
• Confluent Keys – Updated checker for Confluent API keys.
• GitHub Fine-Grained PAT – Analyzer now handles archived repositories.
• Slack Tokens – SlackBot analyzer has been rewritten in Rust for improved performance and applies to Slackbot, Slack App, and Slack User tokens.
• DigitalOcean Spaces Token – Fixed checker for tokens that do not have permission to list buckets.

  Release Date: June 10, 2025

This release adds 12 new detectors covering GitLab tokens, Kubernetes JWTs, Laravel encryption keys, and API keys for AI services like Dify, Firecrawl, and Llama Cloud. We've also enhanced existing detectors for Ubidots, Azure Cosmos DB, GitLab tokens, and ODBC connections to improve accuracy and reduce false positives.

New Detectors

• Laravel Encryption Key with Host – Detects Laravel encryption keys associated with a host.
• GitLab Feature Flags Client Token with Project ID – Identifies tokens and project IDs for GitLab feature management.
• Kubernetes JWT with Host – Detects JWTs used in Kubernetes environments.
• GitLab Trigger Token – Recognizes tokens for triggering GitLab pipelines.
• Brave Search API Key – Detects API keys for accessing Brave Search.
• GitLab Deploy Token – Identifies deploy tokens for managing GitLab project deployments.
• Firecrawl API Key – Detects API keys for Firecrawl services.
• Dify API Key – Detects API keys for Dify services.
• GitLab Runner Authentication Token – Captures authentication tokens for GitLab runners.
• Ubidots API Key – Detects API keys for Ubidots.
• Vapi API Key – Detects API keys for Vapi services.
• Llama Cloud API Key – Ensures detection of API keys for Llama Cloud.

New Checkers These checkers are implemented to verify the detected secrets, adding another layer of security and ensuring their validity and correct application:

• Laravel Encryption Key with Host
• GitLab Feature Flags Client Token with Project ID
• Kubernetes JWT with Host
• Brave Search API Key
• Firecrawl API Key
• Dify API Key
• GitLab Runner Authentication Token

Detector Improvements

• Ubidots Token – Now includes new secret prefixes and improved checker responses for tokens from disabled accounts.
• Azure Cosmos DB Credentials – Enhanced host pattern to improve recall and detection accuracy.
• GitLab Token – Refined pattern to minimize false positives.
• ODBC Connection String – Advanced detection precision for ODBC strings.

Engine Enhancements

• Expanded detection pattern list for encrypted strings to increase precision.
• Enhanced AssignmentRegexMatcher for N prefixed strings in SQL, supporting Microsoft SQL Server.

  Release Date: May 29, 2025

In our latest release, we have focused on refining our detection capabilities and introducing new tools to enhance the security of your digital assets. This update includes a new detector for GitLab feature flags tokens, along with significant improvements to existing detectors for AMQP credentials, Confluent keys, and Azure services.

New Detectors

• GitLab Feature Flags Client Token – Detects tokens used for managing feature flags in GitLab projects, crucial for controlling feature rollouts and ensuring smooth deployment processes.

Detector Improvements

• AMQP Credentials – Detector Upgrade: Enhanced multimatch selection to reduce false positive combinations, vital for secure message queuing in distributed systems.
• Confluent Keys – Detector Upgrade: Improved multimatch selection for better accuracy and fewer false positives, essential for managing access to Kafka clusters.
• Generic High Entropy Secret – Detector Upgrade: Excludes secrets ending with '.certificate' from being reported, reducing noise by ignoring non-sensitive certificates.
• Artifactory Token – Analyzer Upgrade: Improved stability by preventing crashes when analyzing secrets with multiple scopes, key for managing and securing software artifacts.
• Microsoft Azure Storage Connection String – Checker Upgrade: Enhanced to accept additional fields, crucial for accessing and managing Azure storage resources securely.
• Microsoft Azure Storage Account Key – Detector Upgrade: Increased precision, reducing false positives, critical for safeguarding data in cloud storage.

Miscellaneous

• Established a priority rule favoring the confluent_api_keys detector over amqp_assignment and amqp_assignment_attached_port detectors.

  Release Date: May 20, 2025

In this release, we've focused on improving detection capabilities for Azure services, given their importance in cloud infrastructure. By introducing new detectors for Azure Entra ID tokens, Communication Services, and App Configuration connection strings, we aim to strengthen the protection of sensitive Azure credentials. These enhancements are essential for maintaining robust security, enabling organizations to use Azure's features safely.

New Detectors

• Azure Entra ID Tokens – Detects tokens used for authentication within Azure's identity management service, Entra ID.
• Azure Communication Services Connection Strings – Identifies connection strings for Azure's comprehensive communication platform.
• Azure DevOps Personal Access Token – Recognizes personal access tokens used to authenticate with Azure DevOps.
• Laravel Encryption Key – Detects encryption keys used in Laravel applications for data security.
• Azure App Configuration Connection String – Identifies connection strings for managing application settings in Azure.
• X AI API Keys – Detects API keys for accessing X AI's artificial intelligence services.

Detector Improvements

• Microsoft Azure Storage Connection String – Detector Upgrade: Improved regex precision for more accurate detection.
• ODBC Connection String – Detector Upgrade: Enhanced regex precision to better identify ODBC connection strings.
• Jira Token – Detector Upgrade: Corrected host regex to accurately match ports.
• SMB Credentials – Detector Upgrade: Now allows percent sign as a separator between username and password in host matches.
• Octopus API Key – Checker Upgrade: Updated to use the correct API endpoint, resolving issues with secret validity checks.

  Release Date: April 14, 2025

We're enhancing our engine with a major focus on Artifactory secret detection. Artifactory is a critical artifact repository manager used by thousands of organizations to store, manage, and distribute software packages and dependencies. Compromised Artifactory credentials can lead to supply chain attacks, allowing attackers to poison software dependencies or access proprietary code.

Multiple new detectors have been added for Artifactory:

• Artifactory Reference Token
• Artifactory Reference Token With Host
• Artifactory Master Key
• Artifactory Basic Auth Credentials

Detector Improvements

• Snowflake Credentials – The Snowpark API credentials detector has been enhanced to identify more patterns.
• IBM Cloud Key – We reduced false positives in the IBM Platform API key detector.
• PlanetScale Database Password - Expanded detection to cover more host names for the Planetscale database password detector.
• Artifactory Token With Host - Improved precision for host names.

Browse all past GitGuardian detection engine releases below, including new and modified detectors.

December 23, 2024​

Secrets Detection​

• Secrets detection engine upgrade to version 2.129:
  • Added 1 detector:
    • GitLab OAuth Application Token
  • Modified 4 detectors:
    • Base64 Generic High Entropy Secret
    • GitGuardian Test Token Checked
    • MSSQL Credentials
    • Zendesk Token

December 12, 2024​

Secrets Detection​

• Secrets detection engine upgrade to version 2.128:
  • Added 4 detectors:
    • Jenkins API token
    • chpasswd Username Password
    • Nessus Agent Key
    • Statsig Server Secret Key
  • Modified 1 detector:
    • FTP credentials assignment

November 18, 2024​

Secrets Detection​

• Secrets detection engine upgrade to version 2.126:
  • Added 4 detectors:
    • X-API-Key Secret
    • Azure Functions App Key Header
    • Azure Functions App Key Query Parameter

November 4, 2024​

Secrets Detection​

• Secrets detection engine upgrade to version 2.125:
  • Added 4 detectors:
    • Cloudflare Tunnel Credentials
    • InfluxDB Token
    • InfluxDB Token with Host
    • Rails Master Key Assignment

October 21, 2024​

Secrets Detection​

• Secrets detection engine upgrade to version 2.124:
  • Added 1 detector:
    • BitBucket App Password
  • Modified 5 detectors:
    • Generic CLI Option Secret
    • MongoDB CLI Credentials
    • MySQL CLI Credentials
    • PostgreSQL CLI Credentials
    • Redis CLI Password

October 7, 2024​

Secrets Detection​

• Secrets detection engine upgrade to version 2.122: Enhance recall and coverage while expanding the range of detectable secrets with new and updated detectors.
  • Added 3 detectors:
    • Atlassian Access Token
    • Bitbucket Access Token
    • Mistral AI API Key
  • Modified 1 detector:
    • Base64 Generic High Entropy Secret

August 26, 2024​

Secrets Detection​

Secrets detection engine upgrade to v2.120: Enhance recall and coverage while expanding the range of detectable secrets with updated detectors.

• Added 2 detectors:
  • Generic Password YAML
  • Buildkite API Token V2
• Modified 6 detectors:
  • Generic Database Assignment
  • Base64 Generic High Entropy Secret
  • Generic Password
  • Username Password
  • DigitalOcean Spaces Keys
  • reCAPTCHA Key

Note concerning the reCAPTCHA Key detector: Due to changes in the behavior of some Google APIs, we are no longer able to ensure the validity of reCaptcha keys. As this detector could be quite "noisy" the validity of the keys was a mandatory prerequisite in the detection flow and this can no longer be the case. We have however improved this detector to be as efficient as possible.

August 14, 2024​

Secrets Detection​

• Secrets detection engine upgrade to version 2.117: Enhance recall and coverage while expanding the range of detectable secrets with new and updated detectors.
  • Added 2 detectors: Serpapi Token and Tavily API Key
  • Modified 1 detector: GitLab Token

July 15, 2024​

Secrets Detection​

• Secrets detection engine upgrade to version 2.116: Enhance recall and coverage while expanding the range of detectable secrets with new and updated detectors.

  Added 1 detector

  • JetBrains TeamCity config value
  Modified 3 generic detectors

  • Base64 Generic High Entropy Secret
  • Base64 Generic High Entropy Secret
  • Generic Password
  Modified 78 specific detectors

  We have enhanced our approach to searching for the prefix linked to the secret, considering more complex scenarios. This allows us to improve recall.

  
  

  • Adafruit IO API Key
  • Airtable API Key v2
  • Alchemy API Key
  • Amazon MWS Token
  • Checkout.com Sandbox API Secret Key
  • CircleCI Personal Token
  • Claude API Key
  • Clojars Deploy Token
  • Cloudinary API key URL
  • Contentful Content Management API Key
  • DigitalOcean OAuth Application Token V1
  • DigitalOcean Personal Access Token V1
  • DigitalOcean Refresh Token V1
  • Discord Webhook URL
  • Docker Swarm Join Token
  • Docker Swarm Unlock Key
  • EasyPost API Key
  • Firebase Cloud Messaging API Key
  • Figma Personal Access Token
  • Flutterwave API Key
  • Frame IO Token
  • GitHub fine-grained personal access token
  • GitHub Oauth Access Token
  • GitHub Personal Access Token
  • GitHub Server-to-server Token
  • GitHub User-to-server Token
  • GitLab Token
  • Grafana Cloud API Key
  • Grafana Service Account Token
  • Groq API Key
  • Heartland API key
  • Langchain API Key
  • Linear API Key
  • Base64 Midtrans API Key
  • Notion Integration Token
  • npm Token Prefixed
  • Nylas API Key
  • OpenAI Project API Key
  • Paystack Key
  • Plaid Access Token
  • PlanetScale OAuth Token
  • Postman API Key
  • PubNub Publish Key
  • Readme API Key
  • Riot Games API Key
  • RubyGems.org API Key
  • Samsara API Key
  • SendinBlue Key v3
  • Sentry Org Auth Token
  • Sentry User Auth Token v2
  • Shippo API token
  • Shopify Generic App Token
  • Shopify Private App Token
  • Slack App Token
  • Slack Configuration Refresh Token
  • Slack Configuration Token
  • Slack User Token
  • Sourcegraph Access Token v3
  • Sourcegraph Enterprise subscription Token
  • Sourcegraph License Key Token
  • Sourcegraph Access Token v2
  • Sourcegraph User Gateway Access Token
  • Sqreen Token
  • Square Access Token
  • Stripe Webhook Secret
  • Tailscale API Key
  • Tailscale OAuth Key
  • Tailscale Pre-Authentication Key
  • Tailscale SCIM Key
  • Tailscale Webhook Key
  • Typeform API Token
  • Ubidots Token
  • Vercel Blob Token
  • WakaTime API Key
  • WePay token
  • Yandex Predictor API Key
  • Zillow Key
  • Zuplo API Key

June 17, 2024​

Secrets Detection​

• Secrets detection engine upgrade to version 2.115: Enhance recall and coverage while expanding the range of detectable secrets with new and updated detectors.
  • 4 detectors added: Sentry Org Auth Token, Sentry User Auth Token v2, Slack Configuration Refresh Token, Slack Configuration Token
  • 5 detectors updated: Equinix Authentication Token, Sentry User Auth Token v1, Signifyd API Key, Slack Bot Token, Slack User Token

June 4, 2024​

Secrets Detection​

• Secrets detection engine upgrade to version 2.114: Enhance recall and coverage while expanding the range of detectable secrets with new and updated detectors.
  • 9 detectors added: ASP.NET Decryption Key, ASP.NET Validation Key, Langchain API Key, OpenAI Project API Key, OpenAI Service Account, Sourcegraph Enterprise Subscription Token, Sourcegraph License Key Token, Sourcegraph User Gateway Access Token, WakaTime API Key
  • 4 detectors updated: Sentry Token, Generic Database assignment, Generic FTP Assignment, Generic Username Password

May 20, 2024​

Secrets Detection​

• Secrets detection engine: upgrade to version 2.113 with the addition of 5 new detectors (Nylas API Key,Sourcegraph Access Token v3, Duplo Cloud API Key,Fernet Key, Vercel Blob Token) and the improvement of 10 detectors (Base64 Generic High Entropy Secret, Generic Database Assignment, Generic High Entropy Secret, PostgreSQL CLI Credentials, Postgres assignment attached port, PostgreSQL Pgpass Credentials, PostgreSQL URI, Sourcegraph Access Token v2, Yelp API Key, Google Gemini API Key).

April 23, 2024​

Secrets Detection​

• Secrets detection engine: upgrade to version 2.111 with the addition of 3 new detectors (Grafana Cloud API Key, Groq API Key, Nx Cloud Token) and the improvement of 1 detector (Generic High Entropy Secret)

April 15, 2024​

Secrets Detection​

• Secrets detection engine: Generic CLI Secret and Generic Database Assignment detectors are now supported and active by default for data sources other than VCS.
• Secrets detection engine: upgrade to version 2.110 with the addition of 4 new detectors (Dropbox Key, Midtrans API Key, Sanity Token, Zuplo API Key) and the improvements of 3 detectors (Artifactory Token, GoCardless API Key, Plivo Auth Tokens).

April 8, 2024​

Secrets Detection​

• Secrets detection engine: upgrade to version 2.109 with the addition of 2 new detectors (Azure Open AI API key, Kubernetes Docker Secret) and the improvement of 4 detectors (GitLab Token, Google API Key, Okta Keys, Slack Bot Token)

March 18, 2024​

Secrets Detection​

• Secrets detection engine: upgrade to version 2.108 with the addition of 3 new detectors (Snowflake API credentials, Replicate User Access Token, Workato API Key) and the improvement of 3 detectors (Rails Master Key, Generic password, Generic High Entropy secret)