• Get Review Board
  • What's New
  • Products
  • Review Board Code review, image review, and document review
  • Documentation
  • Release Notes
  • Power Pack Enterprise integrations, reports, and enhanced document review
  • Try for 60 Days
  • Purchase
  • RBCommons Review Board as a Service, hosted by us
  • Pricing
  • RBTools Command line tools and Python API for Review Board
  • Documentation
  • Release Notes
  • Review Bot Automated code review, connecting tools you already use
  • Documentation
  • Release Notes
  • RB Gateway Manage Git and Mercurial repositories in your network
  • Documentation
  • Release Notes
  • Learn and Explore
  • What is Code Review?
  • Documentation
  • Frequently Asked Questions
  • Support Options
  • Third-Party Integrations
  • Demo
    • Review Board RBTools Power Pack Review Bot Djblets RB Gateway
    1. Review Bot 4.x
    2. Version 4.x
    3. Version 3.0
    4. Version 2.0
    5. Version 1.0
    6. Review Bot Tools
    7. Secret Scanner
  • Home
  • Installation
  • Manually Installing Review Bot
  • Review Bot Docker Images
  • Upgrading Review Bot
  • Configuring Review Bot
  • Review Bot Tools
  • Cargo Tool
  • Checkstyle
  • Clang Static Analyzer
  • Cppcheck
  • Cpplint
  • Doc8
  • FBInfer
  • Flake8
  • Go Fmt
  • Go Tool
  • JSHint
  • PMD
  • Pycodestyle
  • Pydocstyle
  • Pyflakes
  • RuboCop
  • Rust Fmt
  • Secret Scanner
  • ShellCheck
  • Module and Class Reference
  • reviewbot.tools.base
  • reviewbot.tools.base.mixins
  • reviewbot.tools.base.registry
  • reviewbot.tools.base.tool
  • reviewbot.testing.testcases
  • reviewbot.testing.utils
  • reviewbot.tools.testing
  • reviewbot.tools.testing.decorators
  • reviewbot.tools.testing.testcases
  • reviewbot.processing.review
  • reviewbot.utils.api
  • reviewbot.utils.filesystem
  • reviewbot.utils.log
  • reviewbot.utils.process
  • reviewbot.utils.text
  • reviewbot.celery
  • reviewbot.config
  • reviewbot.deprecation
  • reviewbot.errors
  • reviewbot.repositories
  • reviewbot.tasks
  • reviewbot.tools.cargotool
  • reviewbot.tools.checkstyle
  • reviewbot.tools.clang
  • reviewbot.tools.cppcheck
  • reviewbot.tools.cpplint
  • reviewbot.tools.doc8
  • reviewbot.tools.fbinfer
  • reviewbot.tools.flake8
  • reviewbot.tools.gofmt
  • reviewbot.tools.gotool
  • reviewbot.tools.jshint
  • reviewbot.tools.pmd
  • reviewbot.tools.pycodestyle
  • reviewbot.tools.pydocstyle
  • reviewbot.tools.pyflakes
  • reviewbot.tools.rbsecretscanner
  • reviewbot.tools.rubocop
  • reviewbot.tools.rustfmt
  • reviewbot.tools.shellcheck
  • General Index
  • Python Module Index
  • Release Notes
    •

    Secret Scanner¶

    New in version 3.0.

    Secret Scanner is a native tool provided by Review Bot that checks files for hard-coded security credentials, such as API tokens, encryption keys, account identifiers, and URLs.

    Note that some secrets have a well-defined format that can be verified, while others have a higher chance of conflicting with various forms of legitimate data.

    It is up to the author of a change to verify whether they have leaked a secret, and to revoke that secret on any affected services.

    Supported File Types¶

    All files are supported by this tool, and will be checked for secrets.

    Supported Secrets¶

    The following types of secrets are checked.

    • AWS Access Keys

    • AWS MWS Keys

    • AWS Secret Keys

    • Asana Access Tokens

    • Discord Bot Tokens

    • Discord WebHook URLs

    • Dropbox Tokens

    • Facebook Access Tokens

    • GitHub OAuth Tokens (legacy format deprecated in April 2021)

    • GitHub OAuth Tokens (modern format introduced in April 2021)

    • Google (GCP) API Keys

    • Google (GCP) Client IDs

    • Google (GCP) Service Accounts

    • Heroku API Keys

    • JSON Web Tokens

    • Mailchimp API Keys

    • Mailgun API Keys

    • NPM Access Tokens

    • PGP Private Keys

    • PyPI API Tokens

    • Review Board 5+ API Tokens

    • RSA Private Keys

    • SSH (DSA, EC, and OPENSSH) Private Keys

    • SSL Certificates

    • Slack Tokens

    • Slack WebHook URLs

    • Stripe Access Keys

    • Twilio API Keys

    • Twilio Account SIDs

    • Twitter OAuth Tokens

    Installation¶

    This tool ships with Review Bot 3.0 and higher. No additional installation is required.

    Configuration¶

    Enabling Secret Scanner in Review Board¶

    You’ll need to add a Review Bot configuration in Review Board (see Tool Configurations).

    There are no configuration options available for this tool.

    Keep up with the latest Review Board releases, security updates, and helpful information.

    About
    News
    Demo
    RBCommons Hosting
    Integrations
    Happy Users
    Support Options
    Documentation
    FAQ
    User Manual
    RBTools
    Administration Guide
    Power Pack
    Release Notes
    Downloads
    Review Board
    RBTools
    Djblets
    Power Pack
    Package Store
    PGP Signatures
    Contributing
    Bug Tracker
    Submit Patches
    Development Setup
    Wiki
    Follow Us
    Mailing Lists
    Reddit
    Twitter
    Mastodon
    Facebook
    YouTube

    Copyright © 2006-2025 Beanbag, Inc. All rights reserved.

    Terms of Service — Privacy Policy — AI Ethics Policy — Branding

    On this page

    • [Top]
    • Supported File Types
    • Supported Secrets
    • Installation
    • Configuration
      • Enabling Secret Scanner in Review Board