# Secrets Security

A full-stack, multidimensional approach to finding and securing exposed and vulnerable secrets across all files in your repositories and CI/CD pipelines.

Developers use secrets to enable their applications to securely communicate with other cloud services. Storing secrets in a file in version control systems (VCS) like GitHub is not secure, creating potential vulnerabilities that can be exploited. This often happens when developers leave their secrets in the source code.
Once a secret is committed into a repo, it is saved in its history, and any user can easily access those keys. This is especially risky if the repo contents are made public, making that resource easily found and utilized by threat actors.

Most tools only selectively scan for secrets at just one phase of the application lifecycle and can miss certain types of secrets altogether. Cortex® Cloud can ensure no secret is accidentally exposed while minimizing false positives and maintaining development velocity.

---

### Hard-coded secrets are common for cloud-native development.

Hard-coded credentials are easier for developers to use and access but are not a best practice. They are especially dangerous in matrixed development organizations and within cloud-based repos. Unfortunately, they are commonplace, with over 41% of repos containing secrets.

### Public exposure amplifies risk.

Secrets can often be exposed in public repositories in your VCS or registry. Additionally, any secret added directly to source code, IaC, CI/CD configuration files, etc. may be visible in a VCS or can be accidentally exposed in build logs.

### Siloed tooling causes coverage gaps.

Standalone secrets scanners often lack consistent coverage across both build and runtime. Without being embedded into a broader CNAPP strategy, organizations are left with an incomplete picture of risk.

## Cortex Cloud makes it seamless for developers to prevent exposed secrets in build and runtime.

By integrating into DevOps tools and across code, build, deploy, and runtime, Cortex Cloud continuously scans for exposed secrets across the entire development lifecycle. With a powerful multidimensional approach that combines both a signature-based policy library and a fine-tuned entropy model, Cortex Cloud identifies secrets in nearly any file type, across IaC templates, golden images, and Git repositories.

* Multiple detection methods identify complex secrets like random strings or passwords.
* Risk factors provide context for secrets to streamline prioritization and remediation.
* Natively integrated into developer tools and workflows.
* 100+ signature library.
* Fine-tuned entropy model.
* Supply chain visualization.
* Broad coverage.
* Detection pre-commit in VCS and CI pipelines.
* Detection in running workloads and apps.

## A Developer-First, Multidimensional Approach to Secrets Security

### Precise detection

Secrets that match regular expressions (access tokens, API keys, encryption keys, OAuth tokens, certificates, etc.) are the most commonly identified. Cortex Cloud leverages over 100 signatures to detect and alert on the wide array of secrets with known, predictable expressions.

#### Vast coverage

100+ domain-specific secret detectors ensure precise alerting in both build and runtime.

#### Broad and deep scanning

Scan for secrets in all files in your repositories and the version histories across your integrations.
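
The two detection methods this page describes, signature matching and an entropy check that uses string context, can be illustrated in a few lines. This is an added example, not Cortex Cloud's implementation; the two signatures, the keyword list, the 3.5-bit threshold and the sample lines are assumptions constructed for illustration.

```python
import math
import re
from collections import Counter

# Pass 1: signatures for secrets with a fixed, publicly documented shape.
# Only two are shown here; they stand in for a much larger library.
SIGNATURES = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(
        r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}

# Pass 2: context for free-form secrets. A quoted value is only examined
# when the name it is assigned to suggests a credential (assumed keyword list).
ASSIGNMENT = re.compile(
    r"""\b[\w.-]*(?:password|passwd|secret|token|api_?key)[\w.-]*"""
    r"""\s*[:=]\s*["']([^"']{12,})["']""",
    re.IGNORECASE,
)
ENTROPY_THRESHOLD = 3.5  # bits per character; assumed, tune on real data


def shannon_entropy(value: str) -> float:
    """Bits per character of the value's empirical character distribution."""
    total = len(value)
    return -sum(
        (n / total) * math.log2(n / total) for n in Counter(value).values()
    )


def scan(text: str) -> list[tuple[int, str]]:
    """Return (line_number, rule) findings; secret values are never echoed."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        hits = [name for name, rx in SIGNATURES.items() if rx.search(line)]
        if hits:
            findings.extend((lineno, name) for name in hits)
            continue  # already reported by a precise rule
        match = ASSIGNMENT.search(line)
        if match and shannon_entropy(match.group(1)) >= ENTROPY_THRESHOLD:
            findings.append((lineno, "high_entropy_assignment"))
    return findings


# Constructed sample input. The AWS value is the placeholder key ID from
# AWS documentation; everything else is made up for this example.
SAMPLE = """\
aws_access_key_id = "AKIAIOSFODNN7EXAMPLE"
db_password = "q7Rk2vXp9LmZ4tYw"
db_password = "passwordpassword"
build_commit = "9f2c4e1a7b3d8056c1e4"
-----BEGIN RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    for lineno, rule in scan(SAMPLE):
        print(f"line {lineno}: {rule}")
```

The random password on line 2 has no fixed shape for a signature to match and is caught only by the entropy pass, while the low-entropy placeholder on line 3 and the random-looking commit ID on line 4, which lacks credential context, are not reported.
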

### Fine-tuned entropy model

Not all secrets follow consistent or identifiable patterns. For example, random string usernames and passwords wouldn't be detected by signature-based methods because they're random, potentially leaving "keys to the kingdom" exposed and publicly accessible. Cortex Cloud augments signature-based detection with a fine-tuned entropy model.

#### Fine-tuned entropy model

Eliminate false positives with a fine-tuned entropy model that leverages string context to precisely identify complex secret types.

#### Unrivaled visibility

Gain comprehensive visibility and control across the vast landscape of secrets used by cloud developers.

### Developer feedback

Developers can analyze risks associated with exposed or vulnerable secrets in a few different ways:

#### Projects

Native integrations in dev workflows seamlessly surface detected secrets within a non-compliant file.

#### Supply chain

The Supply Chain Graph displays the source code file nodes. A detailed investigation into the dependency tree helps developers identify the root cause of secret exposure.

#### Pull request comments

Users can spot potentially leaked secrets as part of their pull request scans and easily remove them.

#### Pre-Commit hooks and CI integrations

Leverage the pre-commit hook to block secrets from being pushed to a repository before a pull request is opened.

## Additional Application Security capabilities

### INFRASTRUCTURE AS CODE SECURITY

Automated IaC security embedded in developer workflows

[Learn more](https://www.paloaltonetworks.com/cortex/cloud/infrastructure-as-code-security?ts=markdown)

### SOFTWARE COMPOSITION ANALYSIS (SCA)

Highly accurate and context-aware open source security and license compliance

[Learn more](https://www.paloaltonetworks.com/cortex/cloud/software-composition-analysis?ts=markdown)

### SOFTWARE SUPPLY CHAIN SECURITY

Harden your CI/CD pipelines, reduce your attack surface and protect your application development environment.

[Learn more](https://www.paloaltonetworks.com/cortex/cloud/software-supply-chain-security?ts=markdown)

### INFRASTRUCTURE AS CODE (IaC) SECURITY

Identify and fix misconfigurations in Terraform, CloudFormation, ARM, Kubernetes, and other IaC templates

[Learn more](https://www.paloaltonetworks.com/cortex/cloud/infrastructure-as-code-security?ts=markdown)

Copyright © 2025 Palo Alto Networks. All Rights Reserved