Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This SIT is also included in the All credentials bundled SIT.
Important
Because credential scanning SITs are a type of advanced classifier, you must enable advanced classification before implementing them. For information about enabling advanced classification, and about configuring endpoints and the supported file types, see Advanced classification scanning and protection.
Format
A client secret or refresh token used in OAuth 2.0 protocol.
or
A combination of 24 characters consisting of letters, digits, and special characters.
or
A combination of 32 characters consisting of letters and digits.
or
A combination of 40 characters consisting of letters and digits.
or
A combination of 44 characters consisting of letters, digits, and special characters.
or
A combination of 56 characters consisting of letters, digits, and special characters
or
A combination of 88 characters consisting of letters, digits, and special characters.
Pattern
Various client secret or refresh token formats for example:
ClientSecret:******** 
AppSecret=******** 
ConsumerKey:=******** 
Refresh_Token:******** 
or
A combination of 22 characters:
- a-z (not case-sensitive)
- digits, forward slashes, or plus signs
- ends with two equal signs (=)
for example:
abcdefgh0123456789/+AB==
or
A combination of 32 characters:
- a-f or A-F (case-sensitive)
- or 0-9
for example:
abcdef0123456789abcdef0123456789
or
A combination of 40 characters:
- a-f or A-F (case-sensitive)
or
- 0-9
for example:
Aa1Bb~2Cc3.-Dd4Ee5Ff6Gg7Hh8Ii9_Jj0Kk1Ll2
or
A combination of 43 characters:
- a-z (not case-sensitive)
- 0-9
- forward slashes (/)
- or plus signs (+)
- ends with an equal sign (=)
for example:
abcdefghijklmnopqrstuvwxyz0123456789/+ABCDE=
or
A combination of 54 characters:
- a-z (not case-sensitive)
- 0-9
- forward slashes (/) or plus signs (+)
- ends with two equal signs (==)
for example:
abcdefghijklmnopqrstuvwxyz0123456789/+ABCDEFGHIJKLMNOP==
or
A combination of 86 characters:
- a-z (not case-sensitive)
- 0-9
- forward slashes (/) or plus signs (+)
- ends with two equal signs (=)
for example:
abcdefghijklmnopqrstuvwxyz0123456789/+ABCDEabcdefghijklmnopqrstuvwxyz0123456789/+ABCDE==
Credential example
client_secret=abcdefghijklmnopqrstuvwxyz0123456789/+ABCDE=
Checksum
No
SITs that have checksums use a unique calculation to check if the information is valid. This means when the Checksum value is Yes, the service can make a positive detection based on the sensitive data alone. When the Checksum value is No additional (secondary) elements must also be detected for the service to make a positive detection.
Keyword Highlighting
Supported
When keyword highlighting is supported in the contextual summary for a sensitive information type or a trainable classifier, in the Contextual Summary view of activity explorer, the keywords in a document that were matched to a policy are highlighted.
Definition
This SIT is designed to match the security information that's known only to the OAuth application and the authorization server to exchange for an access token at runtime.
It uses several primary resources:
- Patterns of Client secret context.
- Patterns of Base64 encoded 128 bits symmetric key.
- Patterns of Hex encoded 128 bits symmetric key.
- Patterns of Hex encoded 160 bits Symmetric Key.
- Patterns of Base64 encoded 256 bits symmetric key.
- Patterns of Base64 encoded 320 bits symmetric key.
- Patterns of Base64 encoded 512 bits symmetric key.
- Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName, Id, AccountName.
- Patterns of mockup values, redactions, and placeholders.
- A dictionary of vocabulary.
The patterns are designed to match actual credentials with reasonable confidence. The patterns don't match credentials formatted as examples. Mockup values, redacted values, and placeholders, like credential type or usage descriptions, in the position where an actual secret value should present won't be matched.
Keywords
Keyword_ClientSecretContext:
- secret
- token
- auth
- securestring
- key
Keyword_SymmetricKey128:
- secret
- key
- password
- pw
Keyword_SymmetricKey128Hex:
- dapi
- key
- secret
- token
- password
- pw
Keyword_SymmetricKey160Hex:
- token
Keyword_SymmetricKey256:
- SharedAccessKey
- AccountKey
Keyword_SymmetricKey320:
- code=
- key
Keyword_SymmetricKey512:
- SharedAccessKey
- AccountKey