Secret Keyword

Bridgecrew Policy ID: BC_GIT_10
Severity: LOW

Description

This check attempts to identify non-standard secrets by matching the keywords that custom application code conventionally uses to name secrets. The check uses the following keywords:

'api_?key',
'auth_?key',
'service_?key',
'account_?key',
'db_?key',
'database_?key',
'priv_?key',
'private_?key',
'client_?key',
'db_?pass',
'database_?pass',
'key_?pass',
'password',
'passwd',
'pwd',
'secret',
'contraseña',
'contrasena',
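
A minimal sketch of keyword-based detection built from the patterns listed above, added here as an example; it is not Bridgecrew's implementation. The assignment pattern, the placeholder filter, and the sample lines are assumptions made for this example.

```python
import re

# Keyword patterns copied from the list above; "_?" makes the underscore optional.
KEYWORDS = [
    r"api_?key", r"auth_?key", r"service_?key", r"account_?key", r"db_?key",
    r"database_?key", r"priv_?key", r"private_?key", r"client_?key",
    r"db_?pass", r"database_?pass", r"key_?pass", r"password", r"passwd",
    r"pwd", r"secret", r"contraseña", r"contrasena",
]

# Assumption (not from the page): a finding is a name containing a keyword,
# followed by "=" or ":" and a quoted literal value.
ASSIGNMENT = re.compile(
    r"(?P<name>[\w.-]*(?:" + "|".join(KEYWORDS) + r")[\w.-]*)"
    r"""["']?\s*[:=]\s*(?P<quote>["'])(?P<value>.*?)(?P=quote)""",
    re.IGNORECASE,
)

# Assumption: values that are empty or only reference a variable are not secrets.
REFERENCE = re.compile(r"^(\$\{?\w+\}?|\{\{.*\}\}|<.*>)?$")


def scan(text):
    """Return (line_number, name) for each line that hard-codes a keyword-named value."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = ASSIGNMENT.search(line)
        if match and not REFERENCE.match(match.group("value")):
            findings.append((lineno, match.group("name")))
    return findings


# Constructed sample input; the values are made up for this example.
SAMPLE = '''\
db_password = "constructed-example-value"
apiKey: "constructed-example-value-2"
password = "${DB_PASSWORD}"
"client_key": "<your key here>"
timeout = "30"
CONTRASEÑA = 'constructed-example-value-3'
'''

if __name__ == "__main__":
    for lineno, name in scan(SAMPLE):
        print(f"line {lineno}: {name}")
```

Keyword matching of this kind flags names, not values, so findings need review: a variable reference or template placeholder is not a leaked secret, while a hard-coded literal is.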

Fix - Buildtime

Multiple services

Step 1: Revoke Secret.

Step 2: Clean the git history.
Go to the Settings section of your GitHub project and choose the change visibility button at the bottom.

Step 3: Check your application access logs to ensure the key was not utilized during the compromised period.