Register Now

GitHub Launches Token Scanning for CloudBees CodeShip’s AES Key

Codeship ProDevelopmentIntegrations

Reading Time: 2 minutes

It’s not often that we take to our blog to announce someone else’s new feature – but in this case, it’s pretty cool and we’re glad to do so.

GitHub launched a feature called token scanning not too long ago. With token scanning, they look through your repo on every commit for anything that matches regular expressions provided to them by trusted vendors to help highlight keys and tokens that should never be committed.

We think this is an awesome way to keep secrets out of your repo, and we jumped at the chance to have our own CloudBees CodeShip Pro encryption key included.

Scanning for CodeShip.aes

On CloudBees CodeShip Pro, you use the Jet CLI to encrypt your environment variables and Docker build arguments using a unique AES key created per-project (and reset whenever you need.)

This AES key is never intended to be committed to your repo – and now, if it is inadvertently committed, you’ll be notified by GitHub and can cycle the key right away!

This is both a minor deal and a major deal. Minor, because you don’t have to do anything different, and major because GitHub will help you catch any security slip in this regard immediately.


You don’t need to do anything to set this up, we partnered with GitHub to get it configured and it’s just another way we’ve worked (along with GitHub) to keep your CI/CD process safe and secure.

If you have any questions, just let us know.

Additional resources

Subscribe via Email

Over 60,000 people from companies like Netflix, Apple, Spotify and O'Reilly are reading our articles.
Subscribe to receive a weekly newsletter with articles around Continuous Integration, Docker, and software development best practices.

We promise that we won't spam you. You can unsubscribe any time.

Join the Discussion

Leave us some comments on what you think about this topic or if you like to add something.