Document patterns used by client-side secret detection

Problem to solve

The patterns used to detect secrets in comments and descriptions are specific to this feature (client-side secret detection). The list of patterns is not documented.

Proposal

Document the patterns that client-side secret detection uses when checking for secrets. The list of patterns is contained in the file app/assets/javascripts/lib/utils/secret_detection_patterns.js. This could be a page titled "Detected secrets", to match those of pipeline secret detection and secret push protection.

Dheeraj shared this list of patterns (to be checked against secret_detection_patterns.js):

  1. GitLab Personal Access Token
  2. Feed Token
  3. GitLab OAuth Application Secret
  4. GitLab Deploy Token
  5. GitLab SCIM OAuth Access Token
  6. GitLab CI Build (Job) Token
  7. GitLab Feature Flags Client Token
  8. GitLab Runner Token
  9. GitLab Incoming Mail Token
  10. GitLab Agent for Kubernetes Token
  11. GitLab Pipeline Trigger Token
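As an added illustration of what such a pattern list does when it is applied, the following is a minimal client-side scanner in the style the proposal describes: named regular expressions checked against comment text, returning the findings and a redacted copy. This is example code written for this issue, not the contents of `secret_detection_patterns.js`; the pattern list, the `findSecrets`/`redactSecrets` function names and the sample comment are all constructed. The `glpat-` prefix for GitLab personal access tokens is publicly documented, but the body length used here is an assumption, and the second pattern is entirely hypothetical.

```javascript
// Added example: a minimal named-pattern secret scanner for comment text.
// The pattern list is CONSTRUCTED for illustration and is not the project's
// secret_detection_patterns.js. Only the "glpat-" prefix is a documented
// fact; the 20-character body is an assumed shape for this example.
const SECRET_PATTERNS = [
  {
    name: 'GitLab Personal Access Token',
    // Documented prefix, assumed body; the lookarounds stop partial matches
    // inside longer identifiers without the trailing "\b" pitfall when a
    // token ends in "-" or "_".
    regex: /(?<![\w-])glpat-[0-9a-zA-Z_-]{20}(?![\w-])/,
  },
  {
    name: 'Hypothetical Example Token', // placeholder type, not a real token
    regex: /(?<![\w-])example-secret-[0-9a-f]{32}(?![\w-])/,
  },
];

// Return every match as { name, index, match }, ordered by position in the
// text. A fresh RegExp is built per call so the global flag's lastIndex
// state never leaks between scans.
function findSecrets(text, patterns = SECRET_PATTERNS) {
  const findings = [];
  for (const { name, regex } of patterns) {
    const re = new RegExp(regex.source, regex.flags.includes('g') ? regex.flags : `${regex.flags}g`);
    let m;
    while ((m = re.exec(text)) !== null) {
      findings.push({ name, index: m.index, match: m[0] });
      if (m[0].length === 0) re.lastIndex += 1; // guard against zero-width loops
    }
  }
  return findings.sort((a, b) => a.index - b.index);
}

// Produce the text with each detected secret replaced by a labelled marker,
// so a warning or preview can be shown without echoing the secret itself.
function redactSecrets(text, patterns = SECRET_PATTERNS) {
  let out = text;
  for (const { name, regex } of patterns) {
    const re = new RegExp(regex.source, regex.flags.includes('g') ? regex.flags : `${regex.flags}g`);
    out = out.replace(re, `[REDACTED ${name}]`);
  }
  return out;
}

// Constructed sample comment: one assumed-shape PAT, one hypothetical token,
// and two near-misses that must not be flagged.
const SAMPLE_COMMENT = [
  'Repro: request fails with PRIVATE-TOKEN glpat-ABCDEFGHIJKLMNOPQRST,',
  'and the helper uses example-secret-0123456789abcdef0123456789abcdef.',
  'A prefix alone like glpat- or glpat-short is not a token.',
].join('\n');

if (typeof require !== 'undefined' && require.main === module) {
  for (const f of findSecrets(SAMPLE_COMMENT)) {
    console.log(`${f.name} at offset ${f.index}`);
  }
  console.log(redactSecrets(SAMPLE_COMMENT));
}
```

The point of keeping patterns as named entries is exactly what the issue asks for: the same list can be rendered into a "Detected secrets" documentation page, and a finding can tell the user which kind of token was matched without reproducing the value.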

Who can address the issue

Anyone

Other links/references

Edited by Phillip Wells