Supported Secret Types

Radar detects over 120 types of secrets and credentials across cloud providers, AI platforms, payment services, databases, CI/CD pipelines, identity providers, SaaS tools, and more. Each detection uses format-specific patterns and contextual analysis to minimize false positives.

Continuous Updates

This page lists the most common supported types, but Radar detects many more. New detection patterns are added continuously as providers introduce new credential formats. Beyond known providers, Radar's entropy analysis and AI-powered contextual detection identify internal secrets, custom tokens, and credentials from providers not listed here. See Custom Detection Rules to add patterns for your organization's own credential formats.

Cloud Providers

Secret TypeRiskRemediation
AWS Access Key (AKIA...)CriticalDeactivate in IAM console, rotate key pair, migrate to IAM roles
AWS Secret Access KeyCriticalRotate both keys, check CloudTrail for unauthorized usage
Azure KeyHighRotate in Azure Portal, migrate to managed identities
GCP Service Account KeyCriticalDelete key in IAM & Admin, migrate to Workload Identity Federation
Alibaba Cloud AccessKeyHighRotate in Alibaba Cloud console, restrict RAM permissions
DigitalOcean Token (dop_v1_...)HighRevoke in Control Panel, generate new token with minimum scopes
Cloudflare API TokenHighRoll token in dashboard, use scoped API tokens
Heroku API KeyHighRegenerate in Heroku account settings
IBM Cloud API KeyHighRotate in IBM Cloud IAM, review activity tracker
Netlify TokenMediumRegenerate in Netlify user settings
Oracle Cloud KeyHighRotate in OCI console, review audit logs
Railway TokenMediumRegenerate in Railway dashboard
Render API KeyMediumRegenerate in Render account settings
Vercel TokenMediumRegenerate in Vercel account settings

AI and Machine Learning

Secret TypeRiskRemediation
OpenAI API Key (sk-...)HighRotate in OpenAI dashboard, review usage logs for unauthorized consumption
Anthropic API KeyHighRegenerate in Anthropic console
HuggingFace Token (hf_...)MediumRevoke in HuggingFace settings, generate new token
Mistral API KeyHighRotate in Mistral platform
Cohere API KeyMediumRegenerate in Cohere dashboard
Perplexity API KeyMediumRotate in Perplexity settings
Replicate API TokenMediumRegenerate in Replicate account
Stability AI KeyMediumRotate in Stability AI platform
Vertex AI CredentialsHighRotate GCP service account, review Cloud Audit Logs
Baseten API KeyMediumRegenerate in Baseten dashboard
LangChain API KeyMediumRotate in LangSmith settings
LangSmith API KeyMediumRotate in LangSmith settings
Pinecone API KeyMediumRegenerate in Pinecone console
Chroma TokenMediumRotate in Chroma Cloud settings
Qdrant API KeyMediumRegenerate in Qdrant Cloud
Weaviate API KeyMediumRotate in Weaviate Cloud console
Vespa TokenMediumRegenerate in Vespa Cloud

Payment Services

Secret TypeRiskRemediation
Stripe Secret Key (sk_live_...)CriticalRoll in Stripe Dashboard (supports transition period), review Event log
Stripe CLI KeyHighRegenerate in Stripe CLI settings
Square Access Token (sq0atp-...)HighRegenerate in Square Developer Dashboard
Square OAuth Secret (sq0csp-...)HighRotate in app settings
PayPal Client SecretHighRotate in PayPal Developer Portal
Adyen API KeyCriticalRotate in Adyen Customer Area
Braintree KeyHighRegenerate in Braintree Control Panel
Paddle API KeyHighRotate in Paddle dashboard
Razorpay KeyHighRegenerate in Razorpay dashboard
Revolut API KeyHighRotate in Revolut Business settings
Wise API TokenHighRegenerate in Wise API settings

Databases and Storage

Secret TypeRiskRemediation
MongoDB Connection String (mongodb+srv://...)CriticalChange password, restrict network access with IP allowlists
PostgreSQL Connection StringCriticalRotate password, review pg_stat_activity, enable SSL/TLS
MySQL Connection StringCriticalALTER USER to change password, restrict grants
Redis Connection URLHighCONFIG SET requirepass, enable TLS, restrict network access
Elasticsearch CredentialsHighRotate in Elasticsearch security settings
Firebase ConfigMediumRestrict API key in Firebase console, review security rules
Google Cloud Storage KeyHighRotate service account key, review access logs
Supabase KeyHighRotate in Supabase project settings
Cloudant (IBM) CredentialsHighRotate in IBM Cloudant dashboard

CI/CD and Deployment

Secret TypeRiskRemediation
GitHub Personal Access Token (ghp_...)HighRevoke in GitHub Settings, generate new token with minimum scopes
GitHub Actions SecretHighRotate in repository or organization settings
GitLab Personal Access Token (glpat-...)HighRevoke in GitLab Preferences, review audit events
GitLab CI TokenHighRegenerate in GitLab CI/CD settings
Bitbucket TokenHighRotate in Bitbucket app passwords
Bitbucket CI VariableHighUpdate in repository pipeline settings
Azure DevOps TokenHighRegenerate in Azure DevOps user settings
CircleCI TokenHighRegenerate in CircleCI User Settings
Travis CI TokenMediumRegenerate in Travis CI account settings
Jenkins SecretHighRotate in Jenkins Credentials store
Drone CI TokenMediumRegenerate in Drone CI account
Cloudflare Deploy TokenMediumRoll in Cloudflare Pages/Workers settings
Terraform Cloud TokenHighRegenerate in Terraform Cloud user settings
Pulumi Access TokenHighRotate in Pulumi Cloud settings

Identity Providers

Secret TypeRiskRemediation
Auth0 SecretHighRotate in Auth0 application settings, review tenant logs
Okta API TokenHighRevoke in Okta Admin Console, generate new token
Clerk Secret KeyHighRotate in Clerk dashboard
Firebase Auth CredentialsHighRotate in Firebase project settings
SuperTokens KeyMediumRegenerate in SuperTokens dashboard

Monitoring and Analytics

Secret TypeRiskRemediation
Datadog API KeyMediumRevoke in Datadog Organization Settings, update all agents
Datadog Application KeyHighRevoke in user settings
New Relic License KeyMediumRotate in New Relic Account Settings
Sentry DSNMediumCreate new Client Key in Sentry, disable old key
Amplitude API KeyMediumRegenerate in Amplitude project settings
Logtail TokenMediumRotate in Logtail source settings
Mixpanel TokenMediumRegenerate in Mixpanel project settings

Communication and Messaging

Secret TypeRiskRemediation
SendGrid API Key (SG....)HighRevoke in SendGrid dashboard, create new key with minimum permissions
Mailgun API Key (key-...)HighReset in Mailgun Control Panel
Mailchimp API KeyMediumRegenerate in Mailchimp account settings
Postmark Server TokenMediumRegenerate in Postmark dashboard
Twilio Auth TokenHighRotate in Twilio Console, review usage logs
Slack Bot Token (xoxb-...)HighRevoke in app settings, reinstall app for new tokens
Slack Webhook URLMediumRegenerate webhook URL in app settings
Discord Bot TokenHighRegenerate in Discord Developer Portal
Telegram Bot TokenMediumRevoke via BotFather, create new token
WhatsApp Cloud API TokenHighRotate in Meta Business settings
Vonage API SecretHighRegenerate in Vonage dashboard
Plivo Auth TokenHighRotate in Plivo console
Zoom API SecretMediumRegenerate in Zoom Marketplace app settings
SMTP CredentialsHighChange password at email provider

SaaS Platforms

Secret TypeRiskRemediation
Algolia API KeyMediumRegenerate in Algolia dashboard, use search-only keys client-side
Stripe CLI KeyHighRegenerate in Stripe CLI settings
Intercom Access TokenMediumRotate in Intercom developer hub
Segment Write KeyMediumRegenerate in Segment source settings
Posthog API KeyMediumRotate in Posthog project settings
Linear API KeyMediumRegenerate in Linear settings
Cloudinary CredentialsMediumRotate in Cloudinary console
Typeform TokenMediumRegenerate in Typeform account
Calendly API KeyLowRotate in Calendly integrations
Crisp TokenLowRegenerate in Crisp settings
Fathom API KeyLowRotate in Fathom settings
Imgix TokenLowRegenerate in Imgix dashboard
Saasquatch API KeyLowRotate in Saasquatch portal

Cryptographic Keys

Secret TypeRiskRemediation
RSA Private Key (-----BEGIN RSA PRIVATE KEY-----)CriticalRevoke associated certificates, generate new key pair
SSH Private Key (-----BEGIN OPENSSH PRIVATE KEY-----)CriticalRemove public key from authorized_keys on all servers, generate new pair
PGP Private Key (-----BEGIN PGP PRIVATE KEY BLOCK-----)CriticalPublish revocation certificate, generate new pair
X.509 Certificate with Private Key (.pfx, .p12)CriticalRevoke certificate with CA, generate new key and certificate

Authentication Tokens

Secret TypeRiskRemediation
JWT Signing KeyCriticalRotate signing key, invalidate all existing tokens
OAuth Client SecretHighRegenerate at identity provider (Auth0, Okta, Azure AD)
npm Access Token (npm_...)HighRevoke in npm account settings, generate new token
Artifactory TokenHighRegenerate in JFrog Artifactory settings
Basic Auth CredentialsHighChange password, migrate to token-based authentication
Bearer TokensHighRevoke at issuing service, store replacement in secret manager
Generic High-Entropy SecretsVariableIdentified through entropy analysis and contextual signals. Assess based on context

Next Steps

Secret Detection Overview

How Radar's detection engine combines pattern matching, entropy analysis, and AI context.

View Secret Findings

Navigate, filter, and understand the secret findings table.

Triage and Remediation

Rotate, revoke, and remediate detected secrets.

Custom Detection Rules

Define organization-specific patterns for internal credentials and proprietary tokens.

Previous
Overview
Next
View Findings