Secret Scanner patterns

Patterns help protect sensitive data and improve your team's security posture. By default, the Secret Scanner searches using a variety of default secret patterns. You can also add your team's proprietary third-party app tokens that aren't supported yet using custom patterns in the Secret Scanner dashboard.


Default patterns

The Secret Scanner checks for tokens issued by common service providers, including Amazon, Google, GitHub, Stripe, and Twilio for all Postman plans. To view the complete list of default patterns, open Secret Scanner and select Configure patterns.

Custom patterns

Secret Scanner custom patterns are available with the Postman Enterprise plan with the Advanced Security Admin add-on.

You can use custom patterns to scan your team's proprietary tokens and any third-party app tokens that aren't scanned by default. You can also dry run custom patterns before adding them to the Secret Scanner, enabling you to test the results that the custom pattern returns.

Your team can add a total of five patterns. You must be a Community Manager or team member with both the Developer and Admin roles to add custom patterns.

Create a custom pattern

To add custom patterns, do the following:

  1. Select Team > Team Settings in the Postman header. Click Secret Scanner in the left sidebar, then select the Configure patterns tab.

  2. In the Custom patterns section, click Add.

  3. In the Pattern details section, enter the following details for the custom token:

    • Name - The name of your custom pattern.
    • Regex - The regular expression (regex) that defines the secret's pattern.
    • Sample value - A sample value used to validate the pattern.

  4. In the Scan activation section, select one of the following:

    • Add pattern to secret scanner - Add the discovered secrets to the Secrets detected tab in the Secret Scanner dashboard. By default, the Scan existing elements checkbox is selected, meaning the Secret Scanner uses the custom pattern to scan existing elements. To only scan elements added after you create the pattern, clear the Scan existing elements checkbox.
    • Dry run the pattern first with select workspaces - Dry run the custom pattern before adding it to the Secret Scanner. You can select up to 20 public workspaces, internal workspaces, or Partner Workspaces for the dry run. The results of the dry run won't be added to the Secrets detected tab in the dashboard. Learn more about creating a custom pattern dry run.

  5. Click Add Custom Pattern or Dry Run Pattern, depending on the option you selected in the Scan activation section.


Edit a custom pattern

To edit a custom pattern, click Edit next to a custom pattern. Edit the name or regular expression, update the sample value, then select Save. If you edited the regular expression, select one of the following to confirm your changes:

  • Keep Existing Leaks - Show detected secrets in the Secrets detected tab that are associated with earlier iterations of this custom pattern.
  • Remove Existing Leaks - Remove detected secrets from the Secrets detected tab that are associated with earlier iterations of this custom pattern.

When you edit a regular expression in a custom pattern, the updated regular expression is used to scan new elements only. To scan existing elements with the changes to the pattern, create a new custom pattern and make sure the Scan existing elements checkbox is selected.

To delete a custom pattern, click Delete next to a custom pattern. Then click Delete to confirm. When you delete a custom pattern, all detected secrets associated with this pattern are removed from the Secrets detected tab in the dashboard.

Dry run custom patterns

When you create a custom pattern, you can choose to dry run the regular expression pattern before adding it to the Secret Scanner. This enables you to test the results that the regular expression pattern returns.

You can dry run the pattern on up to 20 public workspaces, internal workspaces, or Partner Workspaces. If the dry run works as expected, you can add the custom pattern to the Secret Scanner, enabling your team to review the results in your dashboard.

The results of the dry run won't be added to the Secrets detected tab in the dashboard. You must manually add the custom pattern to the Secret Scanner.

To dry run a custom pattern, do the following:

  1. Add a custom pattern, and select Dry run the pattern first with select workspaces in the Scan activation section.

  2. Select up to 20 workspaces to scan.

  3. Click Dry Run Pattern.
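
Before entering the Name, Regex, and Sample value fields from Create a custom pattern, you can pre-check the regex locally and rehearse the dry run described above. This is an added example, not Postman code: the token format, element names, and helper functions are hypothetical, and it assumes Python's `re` syntax, which may differ from the regex flavor the Secret Scanner uses.

```python
import re

# Hypothetical pattern details, mirroring the Name / Regex / Sample value fields.
PATTERN = {
    "name": "Acme internal API token",           # constructed name
    "regex": r"\bacme_(?:live|test)_[A-Za-z0-9]{32}\b",
    "sample": "acme_live_" + "a1B2c3D4" * 4,     # constructed, not a real secret
}

# Constructed stand-ins for workspace elements (variables, headers, bodies).
ELEMENTS = {
    "env/prod:API_TOKEN": "acme_live_" + "Zx9Yw8Vu" * 4,
    "request/header:Authorization": "Bearer acme_test_" + "0123abcd" * 4,
    "docs/description": "Tokens look like acme_live_<32 chars>",
    "env/dev:BUILD_ID": "acme_build_20250813",
    "request/body": '{"token": "acme_live_short123"}',
}

def validate(pattern):
    """Return a list of problems with the pattern; an empty list means OK."""
    try:
        rx = re.compile(pattern["regex"])
    except re.error as exc:
        return [f"regex does not compile: {exc}"]
    problems = []
    if not rx.search(pattern["sample"]):
        problems.append("sample value is not matched by the regex")
    if rx.search(""):
        # A regex that matches nothing-at-all would flag every element.
        problems.append("regex matches the empty string")
    return problems

def dry_run(pattern, elements):
    """Return {location: [redacted matches]} for elements the regex hits."""
    rx = re.compile(pattern["regex"])
    hits = {}
    for location, text in elements.items():
        found = [m.group(0) for m in rx.finditer(text)]
        if found:
            # Redact so the report itself does not repeat the secret.
            hits[location] = [s[:10] + "..." + s[-4:] for s in found]
    return hits

if __name__ == "__main__":
    print(validate(PATTERN) or "pattern OK")
    for location, found in dry_run(PATTERN, ELEMENTS).items():
        print(location, found)
```

The three elements that do not match (placeholder text, a look-alike prefix, and a token that is too short) are the kind of near misses worth including when you pick workspaces for a dry run.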


To view the dry run results and add the custom pattern, do the following:

  1. Click the Configure patterns tab.

  2. In the Custom patterns section, click View results next to the custom pattern when the dry run finishes. You can select results from the dry run to view more details. To run the scan again, click Re-run Scan in the top right of the Results from dry run page.

  3. If the dry run performed as expected, you can add the custom pattern to the Secret Scanner, where you can view the results in the dashboard. In the Results from dry run page, click Add Pattern to Secret Scanner.


    To make changes to the dry run, click Delete next to the custom pattern in the dashboard. Then add the custom pattern and dry run it again with your changes.

  4. To confirm, select one of the following:

    • Ignore Existing Elements - Scan only new elements with this custom pattern.
    • Scan Existing Elements - Scan new and existing elements with this custom pattern.

Last modified: 2025/08/13