We’re not ready to start an integration with GitHub Secret Scanning, but would like to start getting ready. Specifically, we’d like to ensure any newly created API token would not need modification when we do start the integration.
Besides having “unique” patterns for reduced false positives, are there any other recommendations GitHub can make public? Blog posts, such as the PyPI integration, imply some adjustments may have been made during the integration collaboration.
For example - is there any advantage to having the secret token also follow the rules for a variable name in most languages? (i.e. don’t use special characters other than underscore). GitHub itself appears to have made that choice with their recent token modifications. Does that mean such a format is more performant for the service?
Thanks for any pointers! (even to a better category)
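An added sketch (not part of the original post, and not GitHub's guidance) of the two properties the question raises: a distinctive prefix and an identifier-safe alphabet, compared with a generic high-entropy pattern. The `acme_` prefix, the 32-character body, both regexes and the sample text are assumptions constructed for illustration.

```python
import base64
import re
import secrets
import string

# Assumptions: hypothetical vendor prefix and body length.
PREFIX = "acme_"
BODY_LEN = 32
ALPHABET = string.ascii_letters + string.digits  # no '-', '+', '/', '='

# Prefixed pattern, bounded on both sides so a match cannot begin or end
# inside a longer identifier-like string.
TOKEN_RE = re.compile(r"(?<![A-Za-z0-9_])acme_[A-Za-z0-9]{32}(?![A-Za-z0-9_])")

# What a scanner is left with when tokens have no prefix: any long run of
# base64/URL-safe characters.
GENERIC_RE = re.compile(r"[A-Za-z0-9+/=_-]{32,}")


def new_token():
    """Return PREFIX plus BODY_LEN characters drawn from a CSPRNG."""
    return PREFIX + "".join(secrets.choice(ALPHABET) for _ in range(BODY_LEN))


def build_sample(token):
    """Constructed text: the token in three contexts plus two non-secrets."""
    blob = base64.b64encode(b"this is not a secret, just data").decode()
    return "\n".join([
        f'API_TOKEN = "{token}"',
        f"curl https://api.example.test/v1/items?token={token}&page=2",
        f"token: {token}",
        "commit 3f2a9c0d1b4e5f60718293a4b5c6d7e8f9012345",  # constructed hash
        f"blob: {blob}",
    ])


def find_tokens(text):
    """Exact matches of the prefixed format."""
    return TOKEN_RE.findall(text)


def find_generic(text):
    """Everything the generic high-entropy pattern would flag."""
    return GENERIC_RE.findall(text)


if __name__ == "__main__":
    t = new_token()
    sample = build_sample(t)
    print("prefixed pattern:", len(find_tokens(sample)), "hits")
    print("generic pattern: ", len(find_generic(sample)), "hits")
```

The prefixed pattern returns only the three real occurrences, while the generic pattern also flags the commit hash and the base64 blob, and in the URL it swallows `token=` into the match because `=` belongs to its character class.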