Skip to main content

🔣 Sensitive Data

Escape scanners support a lot of different types of data. Here is a list of all the supported types, called scalars.

Scalar properties

Each scalar have a few key:

  • Possible names: The different names the field containing it could have in the graphql API.
  • Description: A short explaination of what it represent.
  • Patterns: A regex or a value that can be used to detect if a returned value is of this type.
  • Examples: Some examples of the scalar that can be used by Escape.
  • Parents: The graphQL types this scalar is compatible with.
  • Sensitivity: to which degree is this scalar a sensitive.

Date time

dateISO 8601 date stringLOW
datetimeISO 8601 date and time stringLOW
timeISO 8601 time stringLOW


bank_accountInternational Bank Account NumberMEDIUM
bank_cardCredit Card NumberHIGH
bitcoinBitcoin addressMEDIUM
currency_codeCurrency Code ISO 4217LOW
cvvCredit Card Verification ValueHIGH
dashDash addressMEDIUM
e_commerce_indicatore-Commerce IndicatorLOW
ethereumEthereum addressMEDIUM
moneroMonero addressMEDIUM
us_bank_account_numberUS Bank Account NumberMEDIUM
us_bank_routing_numberUS Bank Routing NumberMEDIUM
us_zip_codeUS ZIP CodeLOW


base64base64 hashLOW
bcryptbCrypt hashMEDIUM
md5MD5 hashMEDIUM
sha1SHA1 hashLOW
sha256SHA256 hashLOW


country_codeCountry CodeLOW
driving_licenseDriving License NumberMEDIUM
legal_nameFull legal nameLOW
passportPassport NumberMEDIUM
phonePhone NumberMEDIUM
street_addressStreet AddressLOW
zip_codeZip CodeLOW


adafruit_api_keyAdafruit API KeyHIGH
adobe_client_idAdobe Client ID (OAuth Web)HIGH
adobe_client_secretAdobe Client SecretHIGH
age_secret_keyAge secret keyHIGH
airtable_api_keyAirtable API KeyHIGH
algolia_api_keyAlgolia API KeyHIGH
alibaba_access_key_idAlibaba AccessKey IDHIGH
alibaba_secret_keyAlibaba Secret KeyHIGH
asana_client_idAsana Client IDHIGH
asana_client_secretAsana Client SecretHIGH
atlassian_api_tokenAtlassian API tokenHIGH
beamer_api_tokenBeamer API tokenHIGH
bitbucket_client_idBitbucket Client IDHIGH
bitbucket_client_secretBitbucket Client SecretHIGH
bittrex_access_keyBittrex Access KeyHIGH
bittrex_secret_keyBittrex Secret KeyHIGH
clojars_api_tokenClojars API tokenHIGH
codecov_access_tokenCodecov Access TokenHIGH
coinbase_access_tokenCoinbase Access TokenHIGH
confluent_access_tokenConfluent Access TokenHIGH
confluent_secret_keyConfluent Secret KeyHIGH
contentful_delivery_api_tokenContentful delivery API tokenHIGH
databricks_api_tokenDatabricks API tokenHIGH
datadog_access_tokenDatadog Access TokenHIGH
digitalocean_access_tokenDigitalOcean OAuth Access TokenHIGH
digitalocean_patDigitalOcean Personal Access TokenHIGH
digitalocean_refresh_tokenDigitalOcean OAuth Refresh TokenHIGH
discord_api_tokenDiscord API keyHIGH
discord_client_idDiscord client IDHIGH
discord_client_secretDiscord client secretHIGH
doppler_api_tokenDoppler API tokenHIGH
droneci_access_tokenDroneci Access TokenHIGH
dropbox_api_tokenDropbox API secretHIGH
dropbox_long_lived_api_tokenDropbox long lived API tokenHIGH
dropbox_short_lived_api_tokenDropbox short lived API tokenHIGH
duffel_api_tokenDuffel API tokenHIGH
dynatrace_api_tokenDynatrace API tokenHIGH
easypost_api_tokenEasyPost API tokenHIGH
easypost_test_api_tokenEasyPost test API tokenHIGH
etsy_access_tokenEtsy Access TokenHIGH
fastly_api_tokenFastly API keyHIGH
finicity_api_tokenFinicity API tokenHIGH
finicity_client_secretFinicity Client SecretHIGH
finnhub_access_tokenFinnhub Access TokenHIGH
flickr_access_tokenFlickr Access TokenHIGH
flutterwave_encryption_keyFlutterwave Encryption KeyHIGH
flutterwave_public_keyFinicity Public KeyHIGH
flutterwave_secret_keyFlutterwave Secret KeyHIGH API tokenHIGH
freshbooks_access_tokenFreshbooks Access TokenHIGH
gcp_api_keyGCP API keyHIGH
generic_api_keyGeneric API KeyHIGH
github_app_tokenGitHub App TokenHIGH
github_fine_grained_patGitHub Fine-Grained Personal Access TokenHIGH
github_oauthGitHub OAuth Access TokenHIGH
github_patGitHub Personal Access TokenHIGH
github_refresh_tokenGitHub Refresh TokenHIGH
gitlab_patGitLab Personal Access TokenHIGH
gitlab_pttGitLab Pipeline Trigger TokenHIGH
gitlab_rrtGitLab Runner Registration TokenHIGH
gitter_access_tokenGitter Access TokenHIGH
gocardless_api_tokenGoCardless API tokenHIGH
grafana_api_keyGrafana api key (or Grafana cloud api key)HIGH
grafana_cloud_api_tokenGrafana cloud api tokenHIGH
grafana_service_account_tokenGrafana service account tokenHIGH
hashicorp_tf_api_tokenHashiCorp Terraform user/org API tokenHIGH
heroku_api_keyHeroku API KeyHIGH
hubspot_api_keyHubSpot API TokenHIGH
intercom_api_keyIntercom API TokenHIGH
jwtJSON Web TokenHIGH
kraken_access_tokenKraken Access TokenHIGH
kucoin_access_tokenKucoin Access TokenHIGH
kucoin_secret_keyKucoin Secret KeyHIGH
launchdarkly_access_tokenLaunchdarkly Access TokenHIGH
linear_api_keyLinear API TokenHIGH
linear_client_secretLinear Client SecretHIGH
linkedin_client_idLinkedIn Client IDHIGH
linkedin_client_secretLinkedIn Client secretHIGH
lob_api_keyLob API KeyHIGH
lob_pub_api_keyLob Publishable API KeyHIGH
mailchimp_api_keyMailchimp API keyHIGH
mailgun_private_api_tokenMailgun private API tokenHIGH
mailgun_pub_keyMailgun public validation keyHIGH
mailgun_signing_keyMailgun webhook signing keyHIGH
mapbox_api_tokenMapBox API tokenHIGH
mattermost_access_tokenMattermost Access TokenHIGH
messagebird_api_tokenMessageBird API tokenHIGH
messagebird_client_idMessageBird client IDHIGH
microsoft_teams_webhookMicrosoft Teams WebhookHIGH
netlify_access_tokenNetlify Access TokenHIGH
new_relic_browser_api_tokenNew Relic ingest browser API tokenHIGH
new_relic_user_api_idNew Relic user API IDHIGH
new_relic_user_api_keyNew Relic user API KeyHIGH
npm_access_tokennpm access tokenHIGH
nytimes_access_tokenNytimes Access TokenHIGH
okta_access_tokenOkta Access TokenHIGH
plaid_api_tokenPlaid API TokenHIGH
plaid_client_idPlaid Client IDHIGH
plaid_secret_keyPlaid Secret keyHIGH
planetscale_api_tokenPlanetScale API tokenHIGH
planetscale_oauth_tokenPlanetScale OAuth tokenHIGH
planetscale_passwordPlanetScale passwordHIGH
postman_api_tokenPostman API tokenHIGH
prefect_api_tokenPrefect API tokenHIGH
private_keyPrivate KeyHIGH
pulumi_api_tokenPulumi API tokenHIGH
pypi_upload_tokenPyPI upload tokenHIGH
rapidapi_access_tokenRapidAPI Access TokenHIGH
readme_api_tokenReadme API tokenHIGH
rubygems_api_tokenRubygem API tokenHIGH
sendbird_access_idSendbird Access IDHIGH
sendbird_access_tokenSendbird Access TokenHIGH
sendgrid_api_tokenSendGrid API tokenHIGH
sendinblue_api_tokenSendinblue API tokenHIGH
sentry_access_tokenSentry Access TokenHIGH
shippo_api_tokenShippo API tokenHIGH
shopify_access_tokenShopify access tokenHIGH
shopify_custom_access_tokenShopify custom access tokenHIGH
shopify_private_app_access_tokenShopify private app access tokenHIGH
shopify_shared_secretShopify shared secretHIGH
sidekiq_secretSidekiq SecretHIGH
sidekiq_sensitive_urlSidekiq Sensitive URLHIGH
slack_access_tokenSlack tokenHIGH
slack_web_hookSlack WebhookHIGH
square_access_tokenSquare Access TokenHIGH
squarespace_access_tokenSquarespace Access TokenHIGH
stripe_access_tokenStripe private tokenHIGH
sumologic_access_idSumoLogic Access IDHIGH
sumologic_access_tokenSumoLogic Access TokenHIGH
telegram_bot_api_tokenTelegram Bot API TokenHIGH
travisci_access_tokenTravis CI Access TokenHIGH
twilio_api_keyTwilio API KeyHIGH
twitch_api_tokenTwitch API tokenHIGH
twitter_access_secretTwitter Access SecretHIGH
twitter_access_tokenTwitter Access TokenHIGH
twitter_api_keyTwitter API KeyHIGH
twitter_api_secretTwitter API SecretHIGH
twitter_bearer_tokenTwitter Bearer TokenHIGH
typeform_api_tokenTypeform API tokenHIGH
vault_batch_tokenVault Batch TokenHIGH
vault_service_tokenVault Service TokenHIGH
yandex_access_tokenYandex Access TokenHIGH
yandex_api_keyYandex API KeyHIGH
yandex_aws_access_tokenYandex AWS Access TokenHIGH
zendesk_secret_keyZendesk Secret KeyHIGH


cuidGlobally Unique IdentifierLOW
didDecentralized IdentifiersLOW
hex_color_codeHex Color CodeLOW
hostHost name (IP or DNS)MEDIUM
hslHue, Saturation, LightnessLOW
hslaHue, Saturation, Lightness, AlphaLOW
ipc_patentIPC PatentMEDIUM
ipv4IPv4 addressMEDIUM
ipv6IPv6 addressMEDIUM
isbnInternational Standard Book NumberLOW
jsonJSON stringLOW
language_iso_639_2Language ISO 639-2LOW
localeBCP 47 LocaleLOW
macMac AddressMEDIUM
mongo_db_object_idMongo DB Object IDLOW
pathDisk or URL PathLOW
portPort numberLOW
rgbRGB Color CodeLOW
rgbaRGBA Color CodeLOW
status_codeStatus CodeLOW
urlA URL as defined by RFC 1738LOW
uuidUniversally Unique IdentifierLOW

Custom Sensitive Data Types

It's possible to write custom scalar or override existing one using the escaperc:

"scalars": {
"custom_scalar_identifier": {
"description": **value**,
"examples": ['**value**'],
"names": ['**value**'],
"parents": ['ID | Int | String | Boolean | Float'],
"patterns": ['**value**'],
"sensitivity": 0 | 1 | 2 | 3,},


The description for the scalar


{'description': '**value**'}


Example of values for the scalar (used in the explore as default values). Careful values inputed here will be ignored by the checks


{'examples': ['**value**']}


The possible names for the scalar


{'names': ['**value**']}


The graphql default type it's compatible with


{'parents': ['ID | Int | String | Boolean | Float']}


The possible values for the scalar (regex friendly) (used for the checks)


{'patterns': ['**value**']}


The sensitivity of the data Must be one of [0, 1, 2, 3]


{'sensitivity': '0 | 1 | 2 | 3'}