{"meta":{"title":"Secure your secrets at scale with GitHub","intro":"Leaked credentials expose your organization to data breaches. GitHub Secret Protection detects and prevents secret leaks automatically. Follow this adoption path to assess risk, pilot the solution, and scale protection organization-wide.","product":"Security and code quality","breadcrumbs":[{"href":"/en/code-security","title":"Security and code quality"},{"href":"/en/code-security/tutorials","title":"Tutorials"},{"href":"/en/code-security/tutorials/secret-protection-adoption-path","title":"Secret protection"}],"documentType":"article"},"body":"# Secure your secrets at scale with GitHub\n\nLeaked credentials expose your organization to data breaches. GitHub Secret Protection detects and prevents secret leaks automatically. Follow this adoption path to assess risk, pilot the solution, and scale protection organization-wide.\n\n## Links\n\n### Quick start: Essential reading\n\n* [Secret leakage risks](/en/code-security/concepts/secret-security/secret-leakage-risks)\n\n  Secrets like API keys, passwords, and tokens committed to repositories can be exploited by unauthorized users, creating security, compliance, and financial risk to your organization.\n\n* [About secret scanning](/en/code-security/concepts/secret-security/about-secret-scanning)\n\n  Prevent fraudulent use of your secrets by automatically detecting exposed credentials before they can be exploited.\n\n* [Interpreting secret risk assessment results](/en/code-security/tutorials/secure-your-organization/interpreting-secret-risk-assessment-results)\n\n  Understand the results from your secret risk assessment and prioritize leak remediation.\n\n* [Assessing the impact of GitHub Secret Protection](/en/code-security/tutorials/remediate-leaked-secrets/assessing-ghsp-impact)\n\n  Measure how GitHub Secret Protection reduces secret exposure across your organization, so you can demonstrate value and identify areas to strengthen your security posture.\n\n* [About push protection](/en/code-security/concepts/secret-security/about-push-protection)\n\n  Secure your secrets by stopping them from ever reaching your repository with push protection.\n\n### Phase 1: Assess your current secret risk\n\n* [Secret leakage risks](/en/code-security/concepts/secret-security/secret-leakage-risks)\n\n  Secrets like API keys, passwords, and tokens committed to repositories can be exploited by unauthorized users, creating security, compliance, and financial risk to your organization.\n\n* [Running the secret risk assessment for your organization](/en/code-security/how-tos/secure-at-scale/configure-organization-security/configure-specific-tools/assess-your-secret-risk)\n\n  Determine your organization's exposure to leaked secrets by generating a secret risk assessment report.\n\n* [Interpreting secret risk assessment results](/en/code-security/tutorials/secure-your-organization/interpreting-secret-risk-assessment-results)\n\n  Understand the results from your secret risk assessment and prioritize leak remediation.\n\n* [Viewing your security risk assessment reports](/en/code-security/how-tos/secure-at-scale/configure-organization-security/configure-specific-tools/viewing-your-security-risk-assessment-reports)\n\n  Understand your organization's exposure to leaked secrets and code vulnerabilities by viewing your most recent security risk assessment reports.\n\n### Phase 2: Evaluate GitHub Secret Protection\n\n* [About secret scanning](/en/code-security/concepts/secret-security/about-secret-scanning)\n\n  Prevent fraudulent use of your secrets by automatically detecting exposed credentials before they can be exploited.\n\n* [About push protection](/en/code-security/concepts/secret-security/about-push-protection)\n\n  Secure your secrets by stopping them from ever reaching your repository with push protection.\n\n* [Supported secret scanning patterns](/en/code-security/reference/secret-security/supported-secret-scanning-patterns)\n\n  Lists of supported secrets and the partners that GitHub works with to prevent fraudulent use of secrets that were committed accidentally.\n\n* [Estimating the price of Secret Protection](/en/code-security/how-tos/secure-at-scale/configure-organization-security/configure-specific-tools/estimating-the-price-of-secret-protection)\n\n  Learn how to use the pricing calculator to estimate the monthly cost of GitHub Secret Protection for your repositories.\n\n* [Calculating the cost savings of push protection](/en/code-security/tutorials/remediate-leaked-secrets/calculating-the-cost-savings-of-push-protection)\n\n  Estimate the remediation time and labor costs you'll avoid by preventing leaked secrets.\n\n* [Setting up a trial of GitHub Advanced Security](/en/code-security/tutorials/trialing-github-advanced-security/trial-advanced-security)\n\n  You can try the full set of GitHub Advanced Security features for free.\n\n### Phase 3: Pilot GitHub Secret Protection\n\n* [Best practices for selecting pilot repositories](/en/code-security/concepts/security-at-scale/best-practices-for-selecting-pilot-repositories)\n\n  The right pilot repositories demonstrate value quickly and prepare your organization for broader enablement of GitHub Secret Protection.\n\n* [Pricing and enabling GitHub Secret Protection](/en/code-security/how-tos/secure-at-scale/configure-organization-security/configure-specific-tools/protect-your-secrets)\n\n  Secure your organization's secrets within your budget by enabling GitHub Secret Protection.\n\n* [Enabling push protection for your repository](/en/code-security/how-tos/secure-your-secrets/prevent-future-leaks/enabling-push-protection-for-your-repository)\n\n  With push protection, secret scanning blocks contributors from pushing secrets to a repository and generates an alert whenever a contributor bypasses the block.\n\n* [Remediating a leaked secret in your repository](/en/code-security/tutorials/remediate-leaked-secrets/remediating-a-leaked-secret)\n\n  Learn how to respond effectively to a leaked secret in your GitHub repository.\n\n### Phase 4: Monitor and assess value\n\n* [Assessing the impact of GitHub Secret Protection](/en/code-security/tutorials/remediate-leaked-secrets/assessing-ghsp-impact)\n\n  Measure how GitHub Secret Protection reduces secret exposure across your organization, so you can demonstrate value and identify areas to strengthen your security posture.\n\n* [Secret scanning push protection metrics](/en/code-security/concepts/secret-security/push-protection-metrics)\n\n  Understand push protection's performance across your organizations.\n\n* [Organizing remediation efforts for leaked secrets](/en/code-security/tutorials/secure-your-organization/organizing-remediation-efforts-for-leaked-secrets)\n\n  Systematically organize and manage the remediation of leaked secrets using security campaigns and alert assignments.\n\n* [Evaluating alerts from secret scanning](/en/code-security/tutorials/remediate-leaked-secrets/evaluating-alerts)\n\n  Learn about additional features that can help you evaluate alerts and prioritize their remediation, such as checking a secret's validity.\n\n### Phase 5: Scale, customize, and automate\n\n* [Applying a custom security configuration](/en/code-security/how-tos/secure-at-scale/configure-organization-security/establish-complete-coverage/applying-a-custom-security-configuration)\n\n  You can apply your custom security configuration to repositories in your organization to meet the specific security needs of those repositories.\n\n* [Defining custom patterns for secret scanning](/en/code-security/how-tos/secure-your-secrets/customize-leak-detection/defining-custom-patterns-for-secret-scanning)\n\n  Protect your unique secret types by defining custom patterns with regular expressions.\n\n* [Enabling delegated bypass for push protection](/en/code-security/how-tos/secure-your-secrets/manage-bypass-requests/enabling-delegated-bypass-for-push-protection)\n\n  Control who can push code containing secrets by requiring bypass approval from designated reviewers.\n\n* [Enabling secret scanning for non-provider patterns](/en/code-security/how-tos/secure-your-secrets/detect-secret-leaks/enabling-secret-scanning-for-non-provider-patterns)\n\n  You can enable secret scanning to detect additional potential secrets at the repository and organization levels.\n\n* [Enabling Copilot secret scanning's generic secret detection](/en/code-security/how-tos/secure-your-secrets/detect-secret-leaks/enabling-ai-powered-generic-secret-detection)\n\n  You can enable generic secret detection for your repository or organization. Alerts for generic secrets, such as passwords, are displayed in a separate list on the secret scanning alerts page.\n\n* [Scanning for secrets with the GitHub MCP server](/en/code-security/how-tos/use-ghas-with-ai-coding-agents/scan-for-secrets-with-github-mcp-server)\n\n  Detect exposed secrets in real time from your AI coding agent, before they ever reach your repository."}