Secret scanning and auto reset Discord Token

[Merlode11]

Select Topic Area

Question

Body

Hello,

I am really invested about the security in Discord, to have a peaceful place to be.
For that, I had a fonctionnality on my app (old bot), wich detect on Discord valid discord tokens. Once a Discord token is detected, my bot was used to send it in a repository on github to reset it and send a warning to the bot owner.

But I see that I have now this error when I try to push to github a token:

{
  message: 'Repository rule violations found\n\nSecret detected in content\n\n',
  metadata: { secret_scanning: { 'bypass_placeholders': [Array] } },
  documentation_url: 'https://docs.github.com/rest/repos/contents#create-or-update-file-contents',
  status: '409'
}

I tried next to upload myself a Discord token, and it does nothing when I have the Secret scanning disabled on my repository. When I have the secret scanning enabled, I have an error, but when I force, it does not reset the token.

Is there so a way to GitHub reset again the token, or do you have any other idea to make this feature. Or if I have to simply forget this one.

Thank you a lot for your answers

[aashah]

Do you have push protection on?

[Merlode11]

No, but the push protection blocks the push (obviously). But does Push Protection reset the token ?

[aashah]

No, but the push protection blocks the push (obviously)

Not sure what you mean by this. It's either on, and blocking pushes...or off. Sounds like it is on and is blocking your push. If you wish to continue with your goal, you'll want to turn it off.

does Push Protection reset the token ?

No.

[aashah]

It's not entirely clear what the state of Secret Scanning enablement is though.

[danialtavakoli]

GitHub’s secret scanning prevents you from pushing Discord tokens, blocking this functionality. Instead, handle token detection locally on your bot and notify users directly without pushing tokens to GitHub. Alternatively, use a secure external service to log incidents, or consider removing the feature entirely for security reasons.

[github-actions[bot]]

🕒 Discussion Activity Reminder 🕒

This Discussion has been labeled as dormant by an automated system for having no activity in the last 60 days. Please consider one the following actions:

1️⃣ Close as Out of Date: If the topic is no longer relevant, close the Discussion as out of date at the bottom of the page.

2️⃣ Provide More Information: Share additional details or context — or let the community know if you've found a solution on your own.

3️⃣ Mark a Reply as Answer: If your question has been answered by a reply, mark the most helpful reply as the solution.

Note: This dormant notification will only apply to Discussions with the Question label. To learn more, see our recent announcement.

Thank you for helping bring this Discussion to a resolution! 💬