> For the complete documentation index, see [llms.txt](https://docs.nullify.ai/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.nullify.ai/capabilities/code-reviews/secrets-detection.md). # Secrets Detection ## Overview Nullify prevents credential leaks and sensitive data exposure from entering your repositories as a core part of Code Review. It identifies hardcoded credentials and sensitive data that should never be in version control, then validates whether those credentials are actually live and exploitable. This combines deterministic pattern matching with NLP-based detectors and real-world validation—catching not just secrets that look dangerous, but secrets that pose an actual risk. ## Detection Highlights * **Cloud & infrastructure keys** — AWS access keys, Azure storage tokens, GCP API keys, IBM COS, HashiCorp Terraform passwords, DigitalOcean and SoftLayer credentials. * **Developer tooling** — GitHub personal access tokens, npm/yarn tokens, Slack webhooks, SendGrid API keys, Stripe, Square, Artifactory, Docker Hub, Compass tokens, and more. * **Authentication artefacts** — OAuth client secrets, JWTs, basic-auth credentials, and session identifiers. * **Sensitive data** — Email addresses, phone numbers, addresses, dates of birth, government IDs, and payment card details in English-language datasets. Every alert includes the suspected owner, expiry guidance, and a recommended rotation workflow. Duplicate events are collapsed where rotation tables already show the value. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.nullify.ai/capabilities/code-reviews/secrets-detection.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.