---
title: "Cloudsmith API keys are now detectable by GitHub secret scanning"
description: " Cloudsmith has joined the GitHub secret scanning partner program. This integration helps prevent unauthorized use of your API keys by automatically detecting exposed credentials before they can be exploited."
canonical_url: "https://cloudsmith.com/changelog/cloudsmith-api-keys-are-now-detectable-by-github-secret-scanning"
last_updated: "2026-07-03T11:00:16.506Z"
---
# Cloudsmith API keys are now detectable by GitHub secret scanning

Cloudsmith has joined the GitHub [secret scanning](https://docs.github.com/en/code-security/concepts/secret-security/secret-scanning) partner program. This integration helps prevent unauthorized use of your API keys by automatically detecting exposed credentials before they can be exploited.

## How it works

Cloudsmith issues API keys with a unique prefix. That prefix is registered with GitHub's secret scanning infrastructure, so when a Cloudsmith credential appears in a repo – in source code, a config file, a committed `.env`, or anywhere else GitHub indexes – GitHub detects and flags those credentials automatically.



If a leak occurs, Cloudsmith notifies the affected user and workspace owners directly to revoke or rotate the compromised key immediately.



Secret scanning runs automatically on public repositories for free. For more information about GitHub secret scanning for private repositories, see [GitHub Docs: Secret scanning - How can I access this feature?](https://docs.github.com/en/code-security/concepts/secret-security/secret-scanning#how-can-i-access-this-feature)
