How Detection Works
SecretPaste uses local pattern matching to identify potential secrets in your clipboard — no data ever leaves your browser.
The Detection Pipeline
1. Clipboard Intercept
When you paste content into a supported input field, SecretPaste intercepts the paste event before it reaches the page.
2. Pattern Matching
The content is scanned against a library of regex patterns designed to identify common secret formats (API keys, tokens, passwords).
3. Local Analysis
All analysis happens in your browser. The content is never sent to any server or external service.
4. Action
If a secret is detected, SecretPaste shows a warning modal. You can choose to cancel, allow, mask the secret, or paste anyway.
Supported Patterns
SecretPaste can detect the following secret types. Free users get 5 patterns, Pro users get all 15.
Free Patterns (5)
OpenAI API Keys
Prefix: sk-
sk-abc...GitHub PAT
Prefix: ghp_
ghp_abc...GitHub OAuth
Prefix: gho_
gho_abc...AWS Access Keys
Prefix: AKIA
AKIA...Stripe Live Keys
Prefix: sk_live_
sk_live_...Pro Patterns (+10)Pro
GitHub App Token
Prefix: ghs_
ghs_...GitHub Fine-grained PAT
Prefix: github_pat_
github_pat_...AWS Session Token
Prefix: ASIA
ASIA...Stripe Restricted Key
Prefix: rk_live_
rk_live_...Anthropic API Key
Prefix: sk-ant-
sk-ant-...Google API Key
Prefix: AIza
AIza...Slack Token
Prefix: xox
xoxb-...Twilio API Key
Prefix: SK
SK...SendGrid API Key
Prefix: SG.
SG....Private Keys
Prefix: -----BEGIN
PEM headerFalse Positives
If SecretPaste incorrectly flags content, click "Allow" in the warning modal to add it to your allowlist. Future pastes of the same content won't trigger a warning.