It's time for our quarterly wrap-up! And what a start to the new year it has been for GitGuardian - we've continued to be the go-to solution for developers looking to catch hardcoded secrets, maintaining our #1 spot on GitHub Marketplace. But we're not resting on our laurels - our quest for the most comprehensive secrets detection engine continues!

At the start of the year, we already had over 350 built-in detectors in GitGuardian. But that hasn't stopped our engineering team from developing even more detectors to help security and engineering teams write more secure code.

We've released six new detectors this quarter, bringing the total number to 369! Our team also focused on improving the precision and accuracy of existing detectors.

New secret detectors released in Q1 2023

This quarter of the year was busy, with our team releasing these six new detectors.




Shopify Generic App Token Subdomain



Duo Keys

Identity provider


Docker Credentials

Package registry


LaceWork API Keys (Account & URL)



Pingdom Token



Keycloak Api Keys

Identity provider


Let's look at one of these detectors.


What does Shopify do?

Shopify is a popular e-commerce platform that allows merchants to create online stores and sell their products. Shopify provides various features and services to make it easy for merchants to manage their stores, including payment processing, shipping and fulfillment, and marketing tools.

To access these features and services, merchants need to provide Shopify with certain credentials, such as API keys, passwords, and tokens. These credentials, also known as secrets, are sensitive information that should be protected from unauthorized access.

Protect your Shopify secrets with GitGuardian!

Developers and security engineers are still grappling with the problem of "secrets sprawl." Shockingly, last year our public GitHub monitoring uncovered a 67% growth in leaked credentials, with over 10 million secrets exposed in 2022 alone! Don't let your secrets be the next victim!

GitGuardian’s automated secrets detection module helps protect these secrets by detecting and alerting users about their presence in source code repositories. The Shopify secret detector specifically looks for secrets related to Shopify apps, including API keys, secrets, access tokens, and subdomains.

When using our platform to protect Shopify secrets, users can set up alerts to notify them whenever a secret is detected in their code repositories. This allows them to take immediate action to remove the secret and prevent unauthorized access to their Shopify account.

We recommend several options to handle detected secrets, such as rotating or revoking the affected API key or access token, resetting passwords, and reviewing account activity logs to ensure no unauthorized access has occurred.

In addition to GitGuardian, merchants can follow other best practices to keep their Shopify secrets protected, such as avoiding hardcoding secrets in source code, limiting access to secrets on a need-to-know basis, and using secure secret management practices.

Overall, the Shopify secret detector provided by GitGuardian is an essential tool for protecting sensitive information related to Shopify accounts and ensuring the security of online stores. By using this detector and following best practices, merchants can minimize the risk of unauthorized access and protect their businesses from potential security threats.

Learn more about the other detectors supported by GitGuardian in our public documentation.

Unlock GitGuardian’s secret detectors from your workspace.

You can view and activate or deactivate these secret detectors from your GitGuardian workspace. Each detector also links to a specific page in the GitGuardian documentation, where you can find more detailed information on the type of secret, its scope, and how to revoke it.

Our collection of secret detectors
Our collection of secret detectors

We also worked on an integration with the AWS marketplace this quarter. This means you can now purchase and deploy our secrets detection solution directly from AWS Marketplace, streamlining the process with more convenience and flexibility!

At GitGuardian, we remain committed to being developers' best allies in detecting and preventing secret leaks. So here's to another year of progress and innovation in code security!