🔐 Git Repository Tokens

Critical Security Vulnerability: Git tokens, SSH keys, and webhook secrets are exposed!

🐙 GitHub Credentials

Personal Access Token:ghp_1234567890abcdefghijklmnopqrstuvwxyzAB
Classic Token:ghp_aBcDeFgHiJkLmNoPqRsTuVwXyZ0123456789ABC
OAuth Token:gho_1234567890abcdefghijklmnopqrstuvwxyzAB
App Token:ghs_1234567890abcdefghijklmnopqrstuvwxyzAB
Username:admin-user
Webhook Secret:ghwebhook_1234567890abcdefghijklmnopqrstuvwxyz

🦊 GitLab Credentials

Personal Access Token:glpat-1234567890abcdefghij
Deploy Token:gldt-1234567890abcdefghij
Runner Token:GR1348941abcdefghij1234567890
Project ID:12345678
Webhook Secret:glwebhook_1234567890abcdefghijklmnopqrstuvwxyz

🪣 Bitbucket Credentials

App Password:ATBB1234567890abcdefghijklmnop
Access Token:BBDC-1234567890abcdefghijklmnopqrstuvwxyz
Username:bitbucket_user
Workspace:my-workspace

☁️ Azure DevOps

Personal Access Token:abcdefghijklmnopqrstuvwxyz1234567890abcdefghijklmn
Organization:my-organization
Project:my-project

🔑 SSH Keys

Private Key:
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKL
MNOPQRSTUVWXYZ1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMN
OPQRSTUVWXYZ1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOP
QRSTUVWXYZ1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQR
STUVWXYZ1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRST
UVWXYZ1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUV
WXYZ1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWX
YZ1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
-----END RSA PRIVATE KEY-----
Public Key:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1234567890abcdefghijklmnopqrstuvwxyz user@example.com
Passphrase:MySSHPassphrase@2024!

💡 How to Secure Git Credentials:

  • Never commit tokens or SSH keys to repositories
  • Use environment variables for tokens
  • Enable token expiration and rotate regularly
  • Use fine-grained permissions (read-only when possible)
  • Store SSH keys securely with passphrases
  • Use SSH agent for key management
  • Enable 2FA on all Git provider accounts
  • Scan repositories for leaked credentials (git-secrets, truffleHog)
  • Use .gitignore to prevent committing sensitive files