# Secrets Detection

> Detect leaked API keys, tokens, private keys, and credentials in LLM inputs and outputs with Bifrost Enterprise's built-in Gitleaks-backed guardrail.

## Overview

**Secrets Detection** is a Bifrost Enterprise guardrail provider that scans LLM request and response text for leaked credentials, API keys, access tokens, private keys, and other secret-shaped values.

It runs entirely inside Bifrost. You do not need to configure an external moderation service, credentials, or provider account.

<Note>
  Secrets Detection is for credential leakage. For personal data such as email addresses, phone numbers, SSNs, credit-card-like numbers, and IP addresses, use the [Custom Regex PII Detection template](/enterprise/guardrails/custom-regex#pii-detection-template).
</Note>

## How It Works

Bifrost uses the embedded default rules from **Gitleaks v8.30.1** for the `secrets` guardrail provider.

At runtime:

1. You create a guardrail provider with `provider_name: "secrets"`.
2. You attach that provider to one or more guardrail rules.
3. The rule decides when to run the provider and whether to scan `input`, `output`, or `both`.
4. Secrets Detection scans text blocks in the selected request/response phase.
5. On the first detected secret, Bifrost returns `GUARDRAIL_INTERVENED` with a reason such as `secret detected: github-pat`.

Secrets Detection currently evaluates text content. It does not inspect image pixels or binary file contents.

## Supported Secret Types

The built-in rule set contains **222 Gitleaks default rules** in this build. Coverage is broad, but the most useful way to think about it is by credential family:

| Family                                  | Examples                                                                                                                                                                                 |
| --------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Cloud provider credentials              | AWS access keys and Bedrock API keys, Azure AD client secrets, GCP API keys, Alibaba Cloud keys, Yandex Cloud tokens, DigitalOcean tokens, Cloudflare keys                               |
| Source control and DevOps tokens        | GitHub PATs/OAuth/App tokens, GitLab tokens, Bitbucket credentials, Atlassian tokens, Codecov, Drone CI, Travis CI, Harness, Sourcegraph                                                 |
| Package and artifact registry tokens    | npm, PyPI, RubyGems, NuGet, Clojars, JFrog, Artifactory                                                                                                                                  |
| AI and LLM provider keys                | OpenAI, Anthropic, Cohere, Hugging Face, Perplexity, PrivateAI                                                                                                                           |
| Data, analytics, and monitoring keys    | Databricks, Datadog, Dynatrace, Grafana, New Relic, Sentry, Sumo Logic, ClickHouse, Confluent, Algolia, Looker                                                                           |
| Collaboration and messaging credentials | Slack tokens and webhooks, Discord tokens, Microsoft Teams webhooks, Telegram bot tokens, Mattermost, Gitter                                                                             |
| Payments, finance, and commerce keys    | Stripe, Square, Plaid, Coinbase, Kraken, KuCoin, Bittrex, Flutterwave, GoCardless, Shopify, Etsy                                                                                         |
| CRM, marketing, and support keys        | HubSpot, Intercom, Zendesk, Mailchimp, Mailgun, SendGrid, Sendinblue, Contentful, Typeform                                                                                               |
| Infrastructure and secret material      | HashiCorp Vault tokens, Terraform Cloud tokens, Kubernetes Secret YAML, OpenShift tokens, private keys, PKCS#12 files, Age secret keys, 1Password service account tokens, Doppler tokens |
| Generic credential patterns             | Generic API keys, JWTs, base64 JWTs, curl authorization headers, curl basic auth user strings                                                                                            |

<Accordion title="Current rule IDs">
  ```text theme={null}
  1password-secret-key
  1password-service-account-token
  adafruit-api-key
  adobe-client-id
  adobe-client-secret
  age-secret-key
  airtable-api-key
  airtable-personnal-access-token
  algolia-api-key
  alibaba-access-key-id
  alibaba-secret-key
  anthropic-admin-api-key
  anthropic-api-key
  artifactory-api-key
  artifactory-reference-token
  asana-client-id
  asana-client-secret
  atlassian-api-token
  authress-service-client-access-key
  aws-access-token
  aws-amazon-bedrock-api-key-long-lived
  aws-amazon-bedrock-api-key-short-lived
  azure-ad-client-secret
  beamer-api-token
  bitbucket-client-id
  bitbucket-client-secret
  bittrex-access-key
  bittrex-secret-key
  cisco-meraki-api-key
  clickhouse-cloud-api-secret-key
  clojars-api-token
  cloudflare-api-key
  cloudflare-global-api-key
  cloudflare-origin-ca-key
  codecov-access-token
  cohere-api-token
  coinbase-access-token
  confluent-access-token
  confluent-secret-key
  contentful-delivery-api-token
  curl-auth-header
  curl-auth-user
  databricks-api-token
  datadog-access-token
  defined-networking-api-token
  digitalocean-access-token
  digitalocean-pat
  digitalocean-refresh-token
  discord-api-token
  discord-client-id
  discord-client-secret
  doppler-api-token
  droneci-access-token
  dropbox-api-token
  dropbox-long-lived-api-token
  dropbox-short-lived-api-token
  duffel-api-token
  dynatrace-api-token
  easypost-api-token
  easypost-test-api-token
  etsy-access-token
  facebook-access-token
  facebook-page-access-token
  facebook-secret
  fastly-api-token
  finicity-api-token
  finicity-client-secret
  finnhub-access-token
  flickr-access-token
  flutterwave-encryption-key
  flutterwave-public-key
  flutterwave-secret-key
  flyio-access-token
  frameio-api-token
  freemius-secret-key
  freshbooks-access-token
  gcp-api-key
  generic-api-key
  github-app-token
  github-fine-grained-pat
  github-oauth
  github-pat
  github-refresh-token
  gitlab-cicd-job-token
  gitlab-deploy-token
  gitlab-feature-flag-client-token
  gitlab-feed-token
  gitlab-incoming-mail-token
  gitlab-kubernetes-agent-token
  gitlab-oauth-app-secret
  gitlab-pat
  gitlab-pat-routable
  gitlab-ptt
  gitlab-rrt
  gitlab-runner-authentication-token
  gitlab-runner-authentication-token-routable
  gitlab-scim-token
  gitlab-session-cookie
  gitter-access-token
  gocardless-api-token
  grafana-api-key
  grafana-cloud-api-token
  grafana-service-account-token
  harness-api-key
  hashicorp-tf-api-token
  hashicorp-tf-password
  heroku-api-key
  heroku-api-key-v2
  hubspot-api-key
  huggingface-access-token
  huggingface-organization-api-token
  infracost-api-token
  intercom-api-key
  intra42-client-secret
  jfrog-api-key
  jfrog-identity-token
  jwt
  jwt-base64
  kraken-access-token
  kubernetes-secret-yaml
  kucoin-access-token
  kucoin-secret-key
  launchdarkly-access-token
  linear-api-key
  linear-client-secret
  linkedin-client-id
  linkedin-client-secret
  lob-api-key
  lob-pub-api-key
  looker-client-id
  looker-client-secret
  mailchimp-api-key
  mailgun-private-api-token
  mailgun-pub-key
  mailgun-signing-key
  mapbox-api-token
  mattermost-access-token
  maxmind-license-key
  messagebird-api-token
  messagebird-client-id
  microsoft-teams-webhook
  netlify-access-token
  new-relic-browser-api-token
  new-relic-insert-key
  new-relic-user-api-id
  new-relic-user-api-key
  notion-api-token
  npm-access-token
  nuget-config-password
  nytimes-access-token
  octopus-deploy-api-key
  okta-access-token
  openai-api-key
  openshift-user-token
  perplexity-api-key
  pkcs12-file
  plaid-api-token
  plaid-client-id
  plaid-secret-key
  planetscale-api-token
  planetscale-oauth-token
  planetscale-password
  postman-api-token
  prefect-api-token
  private-key
  privateai-api-token
  pulumi-api-token
  pypi-upload-token
  rapidapi-access-token
  readme-api-token
  rubygems-api-token
  scalingo-api-token
  sendbird-access-id
  sendbird-access-token
  sendgrid-api-token
  sendinblue-api-token
  sentry-access-token
  sentry-org-token
  sentry-user-token
  settlemint-application-access-token
  settlemint-personal-access-token
  settlemint-service-access-token
  shippo-api-token
  shopify-access-token
  shopify-custom-access-token
  shopify-private-app-access-token
  shopify-shared-secret
  sidekiq-secret
  sidekiq-sensitive-url
  slack-app-token
  slack-bot-token
  slack-config-access-token
  slack-config-refresh-token
  slack-legacy-bot-token
  slack-legacy-token
  slack-legacy-workspace-token
  slack-user-token
  slack-webhook-url
  snyk-api-token
  sonar-api-token
  sourcegraph-access-token
  square-access-token
  squarespace-access-token
  stripe-access-token
  sumologic-access-id
  sumologic-access-token
  telegram-bot-api-token
  travisci-access-token
  twilio-api-key
  twitch-api-token
  twitter-access-secret
  twitter-access-token
  twitter-api-key
  twitter-api-secret
  twitter-bearer-token
  typeform-api-token
  vault-batch-token
  vault-service-token
  yandex-access-token
  yandex-api-key
  yandex-aws-access-token
  zendesk-secret-key
  ```
</Accordion>

## Configuration

<Tabs group="secrets-detection-config">
  <Tab title="Web UI">
    1. Go to **Guardrails** > **Providers**.
    2. Select **Secrets Detection**.
    3. Click **Add Configuration**.
    4. Set a descriptive **Name**, for example `block-leaked-credentials`.
    5. Optionally add a **False-positive allowlist**.
    6. Enable the configuration and save it.
    7. Attach the configuration to a guardrail rule under **Guardrails** > **Configuration**.

    <Frame>
      <img src="https://mintcdn.com/bifrost/d0__HexvYWMO6iNf/media/secrets-detection.png?fit=max&auto=format&n=d0__HexvYWMO6iNf&q=85&s=f2de821bf7ffd7193e74685f0236d944" alt="Secrets Detection guardrail configuration with a false-positive allowlist" width="3004" height="1832" data-path="media/secrets-detection.png" />
    </Frame>
  </Tab>

  <Tab title="API">
    Create the Secrets Detection provider configuration directly with the management API. The current Enterprise backend registers guardrail provider APIs at `/api/guardrails/{provider}`; the provider type is the path segment (`secrets`), and the API assigns the configuration ID after creation.

    ```bash theme={null}
    curl -X POST http://localhost:8080/api/guardrails/secrets \
      -H "Content-Type: application/json" \
      -d '{
        "name": "block-leaked-credentials",
        "enabled": true,
        "config": {
          "timeout": 5,
          "ignored_secret_keywords": ["example", "dummy", "sample-token"]
        }
      }'
    ```

    To attach it through the API, fetch the generated ID with `GET /api/guardrails/secrets`, then reference it in `selectedGuardrailProfiles` on `POST /api/guardrails/rules`.
  </Tab>

  <Tab title="config.json">
    ```json theme={null}
    {
      "guardrails_config": {
        "guardrail_providers": [
          {
            "id": 10,
            "provider_name": "secrets",
            "policy_name": "block-leaked-credentials",
            "enabled": true,
            "timeout": 5,
            "config": {
              "ignored_secret_keywords": ["example", "dummy", "sample-token"]
            }
          }
        ],
        "guardrail_rules": [
          {
            "id": 101,
            "name": "block-secrets-in-prompts",
            "description": "Block prompts that contain leaked credentials",
            "enabled": true,
            "cel_expression": "headers[\"x-bf-env\"] == \"production\"",
            "query": {
              "combinator": "and",
              "rules": [
                {
                  "field": "headers",
                  "operator": "=",
                  "value": "x-bf-env:production",
                  "valueSource": "value"
                }
              ]
            },
            "apply_to": "input",
            "sampling_rate": 100,
            "timeout": 10,
            "provider_config_ids": [10]
          }
        ]
      }
    }
    ```
  </Tab>

  <Tab title="Helm">
    ```yaml theme={null}
    bifrost:
      guardrails:
        providers:
          - id: 10
            provider_name: "secrets"
            policy_name: "block-leaked-credentials"
            enabled: true
            timeout: 5
            config:
              ignored_secret_keywords:
                - "example"
                - "dummy"
                - "sample-token"

        rules:
          - id: 101
            name: "block-secrets-in-prompts"
            description: "Block prompts that contain leaked credentials"
            enabled: true
            cel_expression: 'headers["x-bf-env"] == "production"'
            query:
              combinator: "and"
              rules:
                - field: "headers"
                  operator: "="
                  value: "x-bf-env:production"
                  valueSource: "value"
            apply_to: "input"
            sampling_rate: 100
            timeout: 10
            provider_config_ids: [10]
    ```
  </Tab>
</Tabs>

## False-Positive Allowlist

The `ignored_secret_keywords` setting is a list of substrings used to suppress known false positives.

Bifrost normalizes these values by trimming whitespace, lowercasing them, deduplicating them, and sorting them before loading the Gitleaks detector. A finding is skipped when the detected secret value contains one of those substrings.

Use this for stable test fixtures or placeholder values such as `example`, `dummy`, or a known internal sample-token prefix. Keep it narrow. A broad allowlist entry can hide real leaked credentials.
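The runtime flow from "How It Works" (scan the phase selected by `apply_to`, stop on the first hit, report `secret detected: <rule-id>`) and the allowlist normalization and skip rule described in this section, as an added Go example. This is not Bifrost's or Gitleaks' own code: the two regexes in `demoRules` are simplified stand-ins shaped like the real rules, the function names (`normalizeAllowlist`, `evaluate`, and so on) are hypothetical, and two details the page does not spell out are assumptions, namely that entries which are empty after trimming are dropped and that the detected value is lowercased before the substring check. The sample tokens are constructed and are not real credentials.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Finding records one secret match: the rule that fired and the matched value.
type Finding struct {
	RuleID string
	Secret string
}

// rule is a simplified stand-in for a Gitleaks rule (an ID plus a regex).
type rule struct {
	id string
	re *regexp.Regexp
}

// demoRules are illustrative patterns written for this example; they are NOT
// the Gitleaks rule definitions Bifrost embeds, only shaped like them.
var demoRules = []rule{
	{id: "github-pat", re: regexp.MustCompile(`ghp_[A-Za-z0-9]{36}`)},
	{id: "slack-webhook-url", re: regexp.MustCompile(`https://hooks\.slack\.com/services/[A-Za-z0-9/]+`)},
}

// normalizeAllowlist applies the documented normalization to
// ignored_secret_keywords: trim, lowercase, deduplicate, sort.
// Dropping entries that are empty after trimming is an assumption.
func normalizeAllowlist(keywords []string) []string {
	seen := make(map[string]struct{})
	out := make([]string, 0, len(keywords))
	for _, k := range keywords {
		k = strings.ToLower(strings.TrimSpace(k))
		if _, dup := seen[k]; k == "" || dup {
			continue
		}
		seen[k] = struct{}{}
		out = append(out, k)
	}
	sort.Strings(out)
	return out
}

// allowlisted reports whether the detected secret value contains any
// allowlisted substring; the value is lowercased first (assumption) so it
// compares against the lowercased allowlist.
func allowlisted(secret string, allow []string) bool {
	s := strings.ToLower(secret)
	for _, k := range allow {
		if strings.Contains(s, k) {
			return true
		}
	}
	return false
}

// shouldScan mirrors the rule's apply_to setting: "input", "output" or "both".
func shouldScan(applyTo, phase string) bool {
	return applyTo == "both" || applyTo == phase
}

// scanTextBlocks walks the text blocks of the selected phase in order and
// returns the first finding that the allowlist does not suppress.
func scanTextBlocks(blocks []string, allow []string) (Finding, bool) {
	for _, block := range blocks {
		for _, r := range demoRules {
			for _, m := range r.re.FindAllString(block, -1) {
				if allowlisted(m, allow) {
					continue // known fixture or placeholder, not a leak
				}
				return Finding{RuleID: r.id, Secret: m}, true
			}
		}
	}
	return Finding{}, false
}

// evaluate reports whether the guardrail intervenes and, if so, the reason in
// the documented form "secret detected: <rule-id>".
func evaluate(applyTo, phase string, blocks, keywords []string) (bool, string) {
	if !shouldScan(applyTo, phase) {
		return false, ""
	}
	f, ok := scanTextBlocks(blocks, normalizeAllowlist(keywords))
	if !ok {
		return false, ""
	}
	return true, "secret detected: " + f.RuleID
}

func main() {
	// Constructed sample input: a docs fixture token containing "example"
	// (suppressed by the allowlist) followed by a token that is not.
	blocks := []string{
		"Docs fixture: ghp_ExampleExampleExampleExampleExample0",
		"Please debug this: ghp_abcdefghijklmnopqrstuvwxyz0123456789",
	}
	keywords := []string{" Example ", "dummy", "sample-token", "dummy"}
	hit, reason := evaluate("input", "input", blocks, keywords)
	fmt.Println(hit, reason) // true secret detected: github-pat
}
```

The fixture token in the first block is matched by the `github-pat` stand-in but skipped because its lowercased value contains `example`; the second block then produces the intervention. The same blocks evaluated with `apply_to: "output"` during the `input` phase return no intervention at all, which is why the rule's `apply_to` is the first thing to check when a scan seems not to fire.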

## Operational Notes

* Secrets Detection has no external network dependency.
* It uses the default Gitleaks rule set embedded in the Enterprise build.
* It intervenes on the first detected secret in the evaluated text.
* Use guardrail rule `apply_to` to control whether prompts, responses, or both are scanned.
* Use rule-level `sampling_rate` if you want to evaluate only a percentage of traffic.
* Use [Custom Regex](/enterprise/guardrails/custom-regex) for organization-specific patterns or PII templates that are not credential-focused.
