Overview

Secrets Detection is a Bifrost Enterprise guardrail provider that scans LLM request and response text for leaked credentials, API keys, access tokens, private keys, and other secret-shaped values. It runs entirely inside Bifrost. You do not need to configure an external moderation service, credentials, or provider account.
Secrets Detection is for credential leakage. For personal data such as email addresses, phone numbers, SSNs, credit-card-like numbers, and IP addresses, use the Custom Regex PII Detection template.

How It Works

Bifrost uses the embedded default rules from Gitleaks v8.30.1 for the secrets guardrail provider. At runtime:
  1. You create a guardrail provider with provider_name: "secrets".
  2. You attach that provider to one or more guardrail rules.
  3. The rule decides when to run the provider and whether to scan input, output, or both.
  4. Secrets Detection scans text blocks in the selected request/response phase.
  5. On the first detected secret, Bifrost returns GUARDRAIL_INTERVENED with a reason such as secret detected: github-pat.
Secrets Detection currently evaluates text content only. It does not inspect image pixels or binary file contents, and because the rules are regular expressions applied to each text block, a credential that is split across blocks or encoded in a form no rule covers will not match.

Supported Secret Types

The built-in rule set contains 222 Gitleaks default rules in this build. The coverage is broad, but the useful way to think about it is by credential family:
Family and examples:
  • Cloud provider credentials: AWS access keys and Bedrock API keys, Azure AD client secrets, GCP API keys, Alibaba Cloud keys, Yandex Cloud tokens, DigitalOcean tokens, Cloudflare keys
  • Source control and DevOps tokens: GitHub PATs/OAuth/App tokens, GitLab tokens, Bitbucket credentials, Atlassian tokens, Codecov, Drone CI, Travis CI, Harness, Sourcegraph
  • Package and artifact registry tokens: npm, PyPI, RubyGems, NuGet, Clojars, JFrog, Artifactory
  • AI and LLM provider keys: OpenAI, Anthropic, Cohere, Hugging Face, Perplexity, PrivateAI
  • Data, analytics, and monitoring keys: Databricks, Datadog, Dynatrace, Grafana, New Relic, Sentry, Sumo Logic, ClickHouse, Confluent, Algolia, Looker
  • Collaboration and messaging credentials: Slack tokens and webhooks, Discord tokens, Microsoft Teams webhooks, Telegram bot tokens, Mattermost, Gitter
  • Payments, finance, and commerce keys: Stripe, Square, Plaid, Coinbase, Kraken, KuCoin, Bittrex, Flutterwave, GoCardless, Shopify, Etsy
  • CRM, marketing, and support keys: HubSpot, Intercom, Zendesk, Mailchimp, Mailgun, SendGrid, Sendinblue, Contentful, Typeform
  • Infrastructure and secret material: HashiCorp Vault tokens, Terraform Cloud tokens, Kubernetes Secret YAML, OpenShift tokens, private keys, PKCS#12 files, Age secret keys, 1Password service account tokens, Doppler tokens
  • Generic credential patterns: Generic API keys, JWTs, base64 JWTs, curl authorization headers, curl basic auth user strings

Full list of rule IDs in this build (222 entries, as named in the Gitleaks default rule set):
1password-secret-key
1password-service-account-token
adafruit-api-key
adobe-client-id
adobe-client-secret
age-secret-key
airtable-api-key
airtable-personnal-access-token
algolia-api-key
alibaba-access-key-id
alibaba-secret-key
anthropic-admin-api-key
anthropic-api-key
artifactory-api-key
artifactory-reference-token
asana-client-id
asana-client-secret
atlassian-api-token
authress-service-client-access-key
aws-access-token
aws-amazon-bedrock-api-key-long-lived
aws-amazon-bedrock-api-key-short-lived
azure-ad-client-secret
beamer-api-token
bitbucket-client-id
bitbucket-client-secret
bittrex-access-key
bittrex-secret-key
cisco-meraki-api-key
clickhouse-cloud-api-secret-key
clojars-api-token
cloudflare-api-key
cloudflare-global-api-key
cloudflare-origin-ca-key
codecov-access-token
cohere-api-token
coinbase-access-token
confluent-access-token
confluent-secret-key
contentful-delivery-api-token
curl-auth-header
curl-auth-user
databricks-api-token
datadog-access-token
defined-networking-api-token
digitalocean-access-token
digitalocean-pat
digitalocean-refresh-token
discord-api-token
discord-client-id
discord-client-secret
doppler-api-token
droneci-access-token
dropbox-api-token
dropbox-long-lived-api-token
dropbox-short-lived-api-token
duffel-api-token
dynatrace-api-token
easypost-api-token
easypost-test-api-token
etsy-access-token
facebook-access-token
facebook-page-access-token
facebook-secret
fastly-api-token
finicity-api-token
finicity-client-secret
finnhub-access-token
flickr-access-token
flutterwave-encryption-key
flutterwave-public-key
flutterwave-secret-key
flyio-access-token
frameio-api-token
freemius-secret-key
freshbooks-access-token
gcp-api-key
generic-api-key
github-app-token
github-fine-grained-pat
github-oauth
github-pat
github-refresh-token
gitlab-cicd-job-token
gitlab-deploy-token
gitlab-feature-flag-client-token
gitlab-feed-token
gitlab-incoming-mail-token
gitlab-kubernetes-agent-token
gitlab-oauth-app-secret
gitlab-pat
gitlab-pat-routable
gitlab-ptt
gitlab-rrt
gitlab-runner-authentication-token
gitlab-runner-authentication-token-routable
gitlab-scim-token
gitlab-session-cookie
gitter-access-token
gocardless-api-token
grafana-api-key
grafana-cloud-api-token
grafana-service-account-token
harness-api-key
hashicorp-tf-api-token
hashicorp-tf-password
heroku-api-key
heroku-api-key-v2
hubspot-api-key
huggingface-access-token
huggingface-organization-api-token
infracost-api-token
intercom-api-key
intra42-client-secret
jfrog-api-key
jfrog-identity-token
jwt
jwt-base64
kraken-access-token
kubernetes-secret-yaml
kucoin-access-token
kucoin-secret-key
launchdarkly-access-token
linear-api-key
linear-client-secret
linkedin-client-id
linkedin-client-secret
lob-api-key
lob-pub-api-key
looker-client-id
looker-client-secret
mailchimp-api-key
mailgun-private-api-token
mailgun-pub-key
mailgun-signing-key
mapbox-api-token
mattermost-access-token
maxmind-license-key
messagebird-api-token
messagebird-client-id
microsoft-teams-webhook
netlify-access-token
new-relic-browser-api-token
new-relic-insert-key
new-relic-user-api-id
new-relic-user-api-key
notion-api-token
npm-access-token
nuget-config-password
nytimes-access-token
octopus-deploy-api-key
okta-access-token
openai-api-key
openshift-user-token
perplexity-api-key
pkcs12-file
plaid-api-token
plaid-client-id
plaid-secret-key
planetscale-api-token
planetscale-oauth-token
planetscale-password
postman-api-token
prefect-api-token
private-key
privateai-api-token
pulumi-api-token
pypi-upload-token
rapidapi-access-token
readme-api-token
rubygems-api-token
scalingo-api-token
sendbird-access-id
sendbird-access-token
sendgrid-api-token
sendinblue-api-token
sentry-access-token
sentry-org-token
sentry-user-token
settlemint-application-access-token
settlemint-personal-access-token
settlemint-service-access-token
shippo-api-token
shopify-access-token
shopify-custom-access-token
shopify-private-app-access-token
shopify-shared-secret
sidekiq-secret
sidekiq-sensitive-url
slack-app-token
slack-bot-token
slack-config-access-token
slack-config-refresh-token
slack-legacy-bot-token
slack-legacy-token
slack-legacy-workspace-token
slack-user-token
slack-webhook-url
snyk-api-token
sonar-api-token
sourcegraph-access-token
square-access-token
squarespace-access-token
stripe-access-token
sumologic-access-id
sumologic-access-token
telegram-bot-api-token
travisci-access-token
twilio-api-key
twitch-api-token
twitter-access-secret
twitter-access-token
twitter-api-key
twitter-api-secret
twitter-bearer-token
typeform-api-token
vault-batch-token
vault-service-token
yandex-access-token
yandex-api-key
yandex-aws-access-token
zendesk-secret-key

Configuration

  1. Go to Guardrails > Providers.
  2. Select Secrets Detection.
  3. Click Add Configuration.
  4. Set a descriptive Name, for example block-leaked-credentials.
  5. Optionally add a False-positive allowlist.
  6. Enable the configuration and save it.
  7. Attach the configuration to a guardrail rule under Guardrails > Configuration.
[Screenshot: Secrets Detection guardrail configuration with a false-positive allowlist]

False-Positive Allowlist

The ignored_secret_keywords setting is a list of substrings that suppress known false positives. Bifrost normalizes these values by trimming whitespace, lowercasing them, deduplicating them, and sorting them before loading the Gitleaks detector. A finding is skipped when the detected secret value contains one of those substrings. Use this for stable test fixtures or placeholder values such as example, dummy, or a known internal sample-token prefix. Keep each entry narrow: because matching is by substring, a short or common entry such as test or key suppresses every credential whose value happens to contain it, so prefer the full fixture value or a distinctive prefix that real credentials cannot contain. A broad allowlist entry can hide real leaked credentials.
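The How It Works sequence and the allowlist normalization above, as an added example that is not Bifrost's or Gitleaks' code: a small Go re-implementation of the scan-and-allowlist logic. It uses three simplified stand-in regexes (the real provider loads the 222 embedded Gitleaks rules; only the rule IDs are taken from the page), the token values are constructed, and three details the page does not specify are assumptions made here: the detected value is compared case-insensitively, empty allowlist entries are dropped, and "first detected secret" is read as the earliest match position in the text.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Finding is one detected secret: the Gitleaks rule ID and the matched value.
type Finding struct {
	RuleID string
	Secret string
}

type rule struct {
	id string
	re *regexp.Regexp
}

// Three simplified stand-in patterns (assumption). Bifrost loads the embedded
// Gitleaks v8.30.1 rule set instead; only the rule IDs below are real.
var rules = []rule{
	{"github-pat", regexp.MustCompile(`\bghp_[0-9A-Za-z]{36}\b`)},
	{"aws-access-token", regexp.MustCompile(`\b(?:AKIA|ASIA)[0-9A-Z]{16}\b`)},
	{"slack-webhook-url", regexp.MustCompile(`https://hooks\.slack\.com/services/T[0-9A-Za-z]+/B[0-9A-Za-z]+/[0-9A-Za-z]+`)},
}

// NormalizeAllowlist applies the ignored_secret_keywords normalization the
// page describes: trim, lowercase, deduplicate, sort. Empty entries are dropped
// here (assumption): an empty substring is contained in every value and would
// silently disable the guardrail.
func NormalizeAllowlist(keywords []string) []string {
	seen := make(map[string]bool)
	out := []string{}
	for _, k := range keywords {
		k = strings.ToLower(strings.TrimSpace(k))
		if k == "" || seen[k] {
			continue
		}
		seen[k] = true
		out = append(out, k)
	}
	sort.Strings(out)
	return out
}

// allowed reports whether a detected value contains any allowlist substring.
// Comparing against the lowercased value is an assumption; the page only
// states that the keywords themselves are lowercased.
func allowed(secret string, allow []string) bool {
	s := strings.ToLower(secret)
	for _, k := range allow {
		if strings.Contains(s, k) {
			return true
		}
	}
	return false
}

// Scan returns the earliest non-allowlisted match in text, or nil. Taking the
// earliest position is how this example interprets "first detected secret".
func Scan(text string, allow []string) *Finding {
	allow = NormalizeAllowlist(allow)
	var first *Finding
	firstPos := -1
	for _, r := range rules {
		for _, loc := range r.re.FindAllStringIndex(text, -1) {
			secret := text[loc[0]:loc[1]]
			if allowed(secret, allow) {
				continue
			}
			if firstPos < 0 || loc[0] < firstPos {
				firstPos = loc[0]
				first = &Finding{RuleID: r.id, Secret: secret}
			}
		}
	}
	return first
}

// Verdict models the guardrail outcome: intervened=true with a reason in the
// page's "secret detected: <rule-id>" form, or false with an empty reason.
func Verdict(text string, allow []string) (intervened bool, reason string) {
	if f := Scan(text, allow); f != nil {
		return true, "secret detected: " + f.RuleID
	}
	return false, ""
}

func main() {
	// Constructed prompt: a PAT-shaped value that contains "example" and an
	// AWS-key-shaped value that does not.
	prompt := "Deploy with ghp_exampleEXAMPLE0123456789abcdefghijkl and AKIAABCDEFGHIJKLMNOP"
	for _, allow := range [][]string{nil, {" EXAMPLE "}, {"a"}} {
		hit, reason := Verdict(prompt, allow)
		fmt.Printf("allowlist=%v intervened=%v reason=%q\n", NormalizeAllowlist(allow), hit, reason)
	}
}
```

With no allowlist the PAT-shaped value, which sits earlier in the text, is reported as secret detected: github-pat. The entry " EXAMPLE " normalizes to example, suppresses that value and lets the AWS-shaped value through, so the verdict becomes secret detected: aws-access-token. A one-character entry such as a suppresses both, which is exactly the broad-allowlist failure mode the warning above describes.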

Operational Notes

  • Secrets Detection has no external network dependency.
  • It uses the default Gitleaks rule set embedded in the Enterprise build.
  • It intervenes on the first detected secret in the evaluated text.
  • Use guardrail rule apply_to to control whether prompts, responses, or both are scanned.
  • Use rule-level sampling_rate if you want to evaluate only a percentage of traffic. Any request that is not sampled passes through unscanned, so sampling is appropriate for measuring leak rates, not for enforcement.
  • Use Custom Regex for organization-specific patterns or PII templates that are not credential-focused.