GitHub has a secret scanning feature that can alert users when they accidentally commit secrets like API tokens.
GitHub partners with service providers (which maintain these API tokens) to detect leaked secrets:
Joining the secret scanning program on GitHub
- Contact GitHub to get the process started.
- Identify the relevant secrets you want to scan for and create regular expressions to capture them.
- For secret matches found in public repositories, create a secret alert service which accepts webhooks from GitHub that contain the secret scanning message payload.
- Implement signature verification in your secret alert service.
- Implement secret revocation and user notification in your secret alert service.
- Provide feedback for false positives (optional).
(https://docs.github.com/en/developers/overview/secret-scanning)
I think it would be beneficial for the community if Hex joins this program.
GitHub recently changed the format of the tokens they maintain so if we were to participate, it'd probably make sense to first consider if we should change the format of our tokens too so they could be more easily detected. For example, instead of the token format being ~r/^[a-z0-9]{32}$/, we prefix it with hex_: ~r/^hex_[a-z0-9]{32}$/.
Thoughts?