Entro Custom Secrets: Self-Serve Detection Rules Across Code, Cloud and Agents

Meital Tohar, Product Manager

October 30, 2025

Reclaim control over your non-human identities

Get updates

All secret security right in your inbox

Enterprises are not short on surprises: a brand new AI agent spun up at 2am, a niche vendor’s API key logged in a GitHub action, a developer pasting a token into a Slack channel.

With Entro Custom Detections, security teams can now define their own detectors for bespoke secrets, esoteric new tokens and even DLP phrases, and deploy them immediately across every integrated surface of the platform: code repositories, CI/CD logs, Slack, Jira, SharePoint, ServiceNow, MCP servers and more.

What “Self-Serve” Scanning Really Means

While other vendors let you request a new secret/token detector and then wait for vendor review, those requests, if approved, are frequently limited to 5-10 detections and often only apply to code repositories.

Entro customers (depending on plan) can immediately enforce bespoke detections directly from the UI. Admins type a phrase or paste a regex in the console settings, run a quick syntax and sampled-data preview, and create a new custom detection rule, which is pushed live across the selected integrations and accounts immediately.

Not just code, custom detections run everywhere Entro watches: CI, agents, chat, collaboration and cloud.

For example:

A custom secret pattern such as finops_svc_[A-Z0-9]{10}_prod, unique to a company’s internal finance pipelines.
A specific MCP server URI like mcp://myagent-runtime.internal.ai:443/api/v1/context, used by in-house or locally run AI agents.

Custom regex, real result, a bespoke rule detecting a secret posted in Slack, enriched automatically by Entro with owner, workspace and exposure context.

Watch A Feature Demo

DLP-Friendly Phrase Detection

Not every leak in the organization is a high-entropy credential. Operational secrets, sensitive project names, credit card details or internal markers often point to sensitive exposures. Using the same Custom Detection feature Entro’s customers can define unique phrases for data loss prevention (DLP). Findings can be fed into existing DLP workflows via SIEM and SOAR integrations to quarantine/redact files, open tickets, or trigger automated playbooks in the SOC automation tools like Torq, Tines and others.

Contact us today to learn more about how Entro helps enterprises discover, contextualize, and secure every secret, NHI and AI agent in motion.