Skip to content

Secret Detection

DETAILS: Tier: Free, Premium, Ultimate Offering:, Self-managed, GitLab Dedicated

People sometimes accidentally commit secrets like keys or API tokens to Git repositories. After a sensitive value is pushed to a remote repository, anyone with access to the repository can impersonate the authorized user of the secret for malicious purposes. Most organizations require exposed secrets to be revoked and replaced to address this risk.

Secret Detection scans your repository to help prevent your secrets from being exposed. Secret Detection scanning works on all text files, regardless of the language or framework used.

GitLab has two methods for detecting secrets which can be used simultaneously:

  • The pipeline method detects secrets during the project's CI/CD pipeline. This method cannot reject pushes.
  • The secret push protection method detects secrets when users push changes to the remote Git branch. This method can reject pushes if a secret is detected.