diff --git a/signatures.yaml b/signatures.yaml
index 88b1c54d..3c16d36b 100644
--- a/signatures.yaml
+++ b/signatures.yaml
@@ -1,309 +1,310 @@
 ---
 - Amazon:
-  - Access Key: (?:A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA|ABIA|ACCA)[A-Z0-9]{16}
-  - Secret Access Key: (?<![A-Za-z0-9\/+])[A-Za-z0-9\/+=]{40}(?![A-Za-z0-9\/+=])
-  # - Cognito User Pool ID: (?i)us-[a-z]{2,}-[a-z]{4,}-\d{1,}
-  - RDS Password: (?i)(rds\-master\-password|db\-password)
-  - SNS Confirmation URL: (?i)https:\/\/sns\.[a-z0-9-]+\.amazonaws\.com\/?Action=ConfirmSubscription&Token=[a-zA-Z0-9-=_]+
-  - MWS Token: (amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})
-  - AppSync GraphQL Key: \bda2-[a-z0-9]{26}
+    - Access Key: (?:A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA|ABIA|ACCA)[A-Z0-9]{16}
+    - Secret Access Key: (?<![A-Za-z0-9\/+])[A-Za-z0-9\/+=]{40}(?![A-Za-z0-9\/+=])
+    # - Cognito User Pool ID: (?i)us-[a-z]{2,}-[a-z]{4,}-\d{1,}
+    - RDS Password: (?i)(rds\-master\-password|db\-password)
+    - SNS Confirmation URL: (?i)https:\/\/sns\.[a-z0-9-]+\.amazonaws\.com\/?Action=ConfirmSubscription&Token=[a-zA-Z0-9-=_]+
+    - MWS Token: (amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})
+    - AppSync GraphQL Key: \bda2-[a-z0-9]{26}
 
 - Microsoft:
-  # - Azure account key
-  # - Azure account name
-  - Azure Connection String: (?i)(.*.windows.net).+(password)
-  - Azure Endpoint Key: (?i)(defaultendpointsprotocol).+(key).+
-  - Client Secret: (?i)(?:client_secret|ClientSecret)[\s:\"]{0,3}[a-zA-Z0-9\-_]{36,}
-  - Graph API Key: (?i)MSGRAPH_[a-zA-Z0-9\-_]{20,40}
-  - Outlook Webhook URL: (?i)https:\/\/outlook\.office\.com\/webhook\/[A-Za-z0-9\-]{60,}
+    # - Azure account key
+    # - Azure account name
+    - Azure Connection String: (?i)(.*.windows.net).+(password)
+    - Azure Endpoint Key: (?i)(defaultendpointsprotocol).+(key).+
+    - Client Secret: (?i)(?:client_secret|ClientSecret)[\s:\"]{0,3}[a-zA-Z0-9\-_]{36,}
+    - Graph API Key: (?i)MSGRAPH_[a-zA-Z0-9\-_]{20,40}
+    - Outlook Webhook URL: (?i)https:\/\/outlook\.office\.com\/webhook\/[A-Za-z0-9\-]{60,}
 
 - DigitalOcean:
-  - API Key: (?i)do_[a-z0-9]{60}
+    - API Key: (?i)do_[a-z0-9]{60}
 
 - Shopify:
-  - Custom App Token: (?i)shpca_[a-fA-F0-9]{32}
-  - Shared Secret Token: (?i)shpss_[a-fA-F0-9]{32}
-  - Access Token: (?i)shpat_[a-fA-F0-9]{32}
-  - Private Access Token: (?i)shppa_[a-fA-F0-9]{32}
+    - Custom App Token: (?i)shpca_[a-fA-F0-9]{32}
+    - Shared Secret Token: (?i)shpss_[a-fA-F0-9]{32}
+    - Access Token: (?i)shpat_[a-fA-F0-9]{32}
+    - Private Access Token: (?i)shppa_[a-fA-F0-9]{32}
 
 - Twilio:
-  - SendGrid API Key: \b(?i)SG\.[\w\-_]{20,24}\.[\w\-_]{39,50}\b
-  - Account SID: \bAC[a-zA-Z0-9_\-]{32}\b
-  - App SID: \bAP[a-zA-Z0-9_\-]{32}\b
-  - API Key: \bSK[0-9a-fA-F]{32}\b
-  - Access Token: \b(?i)55[0-9a-fA-F]{32}\b
-
-- Atlassian: 
-  - JIRA Token: (?i)(jira_token)
-  - Bitbucket Data Center Access Token: BBDC-[a-zA-Z0-9+]{44}
-  - Confluence API Key: (?i)confluence[a-zA-Z0-9_]{12,}
-  - App Password: (?i)(bbp_[a-zA-Z0-9]{32})
+    - SendGrid API Key: \b(?i)SG\.[\w\-_]{20,24}\.[\w\-_]{39,50}\b
+    - Account SID: \bAC[a-zA-Z0-9_\-]{32}\b
+    - App SID: \bAP[a-zA-Z0-9_\-]{32}\b
+    - API Key: \bSK[0-9a-fA-F]{32}\b
+    - Access Token: \b(?i)55[0-9a-fA-F]{32}\b
+
+- Atlassian:
+    - JIRA Token: (?i)(jira_token)
+    - Bitbucket Data Center Access Token: BBDC-[a-zA-Z0-9+]{44}
+    - Confluence API Key: (?i)confluence[a-zA-Z0-9_]{12,}
+    - App Password: (?i)(bbp_[a-zA-Z0-9]{32})
 
 - Google:
-  - Cloud API Key: AIza[0-9A-Za-z_-]{35}
-  - Cloud OAuth Secret: (?i)(GOCSPX-[-0-9A-Za-z_]{24,32})
-  #- reCaptcha Key: 6L([A-Za-z0-9_-]{6})AAAAA([A-Za-z0-9_-]{27})
-  - OAuth Key: ya29\.[0-9A-Za-z_-]{64,256}
-  - Firebase URL: (?i)https:\/\/[a-z0-9-]+\.firebaseio\.com\/.*.json
-  - Firebase Cloud Messaging API Key: (?i)([0-9a-zA-Z_-]{11}:APA91b[0-9a-zA-Z_-]{134})
-  - Signed URL: (?i)https:\/\/storage\.googleapis\.com\/[A-Za-z0-9\/-]+?GoogleAccessId=[A-Za-z0-9-]+&Expires=\d+&Signature=[A-Za-z0-9%]+
-  - Cloud Service Account Private Key: (?i)"-----BEGIN PRIVATE KEY-----[A-Za-z0-9\/+=\n]+-----END PRIVATE KEY-----"
-  - Cloud Service Account Key ID: (?i)"private_key_id":\s*"[a-f0-9]{32}"
-  - Cloud Project Number: (?i)"project_number":\s*"\d{12}"
-  - Client ID: "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com"
+    - Cloud API Key: AIza[0-9A-Za-z_-]{35}
+    - Cloud OAuth Secret: (?i)(GOCSPX-[-0-9A-Za-z_]{24,32})
+    #- reCaptcha Key: 6L([A-Za-z0-9_-]{6})AAAAA([A-Za-z0-9_-]{27})
+    - OAuth Key: ya29\.[0-9A-Za-z_-]{64,256}
+    - Firebase URL: (?i)https:\/\/[a-z0-9-]+\.firebaseio\.com\/.*.json
+    - Firebase Cloud Messaging API Key: (?i)([0-9a-zA-Z_-]{11}:APA91b[0-9a-zA-Z_-]{134})
+    - Signed URL: (?i)https:\/\/storage\.googleapis\.com\/[A-Za-z0-9\/-]+?GoogleAccessId=[A-Za-z0-9-]+&Expires=\d+&Signature=[A-Za-z0-9%]+
+    - Cloud Service Account Private Key: (?i)"-----BEGIN PRIVATE KEY-----[A-Za-z0-9\/+=\n]+-----END PRIVATE KEY-----"
+    - Cloud Service Account Key ID: (?i)"private_key_id":\s*"[a-f0-9]{32}"
+    - Cloud Project Number: (?i)"project_number":\s*"\d{12}"
+    - Client ID: "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com"
 
 - GitHub:
-  - Access Token: \b(?i)ghp_[A-Za-z0-9_]{35,38}
-  - OAuth Token: \b(?i)gho_[A-Za-z0-9_]{35,38}
-  - App Installation Token: \b(?i)ghu_[A-Za-z0-9_]{35,38}
-  - App user Token: \b(?i)ghs_[A-Za-z0-9_]{35,38}
-  - Device Code: \bGH_[a-zA-Z0-9_]{9,30}
-  - Refresh Token: (\b?i)ghr_[A-Za-z0-9_]{35,38}
-  - Webhook Secret: (?i)whsec_[A-Za-z0-9]{31,38}
-  - Authentication URL: (?i)(?:(http|https):)//[\S]{1,256}:[\S]{1,256}@github.com[\S]+
+    - Access Token: \b(?i)ghp_[A-Za-z0-9_]{35,38}
+    - Personal Token: \b(?i)github_pat_[a-zA-Z0-9]{22}_[a-zA-Z0-9]{59}
+    - OAuth Token: \b(?i)gho_[A-Za-z0-9_]{35,38}
+    - App Installation Token: \b(?i)ghu_[A-Za-z0-9_]{35,38}
+    - App user Token: \b(?i)ghs_[A-Za-z0-9_]{35,38}
+    - Device Code: \bGH_[a-zA-Z0-9_]{9,30}
+    - Refresh Token: (\b?i)ghr_[A-Za-z0-9_]{35,38}
+    - Webhook Secret: (?i)whsec_[A-Za-z0-9]{31,38}
+    - Authentication URL: (?i)(?:(http|https):)//[\S]{1,256}:[\S]{1,256}@github.com[\S]+
 
 - GitLab:
-  - Personal Access Token: (?i)glpat-[A-Za-z0-9\-_]{20}
-  - OAuth Access Token: (?i)glOauth-[A-Za-z0-9\-_]{20,50}
-  - Repository Access Token: (?i)glrepo-[A-Za-z0-9\-_]{20,50}
-  - Secret File Token: (?i)(?:secret_token|CI_JOB_TOKEN)[^{}]{0,20}( ){0,1}[=:]( ){0,1}([A-Za-z0-9\-_]{20,50})
-  - Project Secret Token: (?i)glproj-[A-Za-z0-9\-_]{20,50}
+    - Personal Access Token: (?i)glpat-[A-Za-z0-9\-_]{20}
+    - OAuth Access Token: (?i)glOauth-[A-Za-z0-9\-_]{20,50}
+    - Repository Access Token: (?i)glrepo-[A-Za-z0-9\-_]{20,50}
+    - Secret File Token: (?i)(?:secret_token|CI_JOB_TOKEN)[^{}]{0,20}( ){0,1}[=:]( ){0,1}([A-Za-z0-9\-_]{20,50})
+    - Project Secret Token: (?i)glproj-[A-Za-z0-9\-_]{20,50}
   #- Classic Token: (?i)(?:gitlab)[^{}()<>?*&:%@!\/= \n]{0,40}[\"\']?\s{0,50}(?::|=>|=)\s{0,50}[\"\']?([a-zA-Z0-9-_]{20})
 
 - Slack:
-  - User Token: (xox[ps]-[0-9]{8,13}-[0-9]{8,13}-[0-9]{8,13}-[a-zA-Z0-9-]{10,32})
-  - Bot Token: (xox[b]-[0-9]{8,13}-[0-9]{8,13}-[a-zA-Z0-9-]{20,30})
-  - Workspace Access Token: (xoxa-[0-9]{8,13}-[0-9]{8,13}-[a-zA-Z0-9-]{8,128})
-  - Workspace Refresh Token: (xoxr-[0-9]{8,13}-[0-9]{8,13}-[a-zA-Z0-9-]{8,128})
-  - Configuration Access Token: (xoxe.xoxp-[0-9]{0,2}-[a-zA-Z0-9-]{130,170})
-  - Signing Secret: (?i)xox[a-z]-[0-9a-zA-Z-]{10,}
-  - Configuration Refresh Token: (xoxe-[0-9]{0,2}-[a-zA-Z0-9-]{130,170})
-  - App Token: (xapp-[0-9]{0,2}-[A-Z0-9]{8,13}-[0-9]{12,15}-[a-zA-Z0-9-]{60,70})
-  - Webhook URL: https://hooks\.slack\.com/services/.{8,128}
+    - User Token: (xox[ps]-[0-9]{8,13}-[0-9]{8,13}-[0-9]{8,13}-[a-zA-Z0-9-]{10,32})
+    - Bot Token: (xox[b]-[0-9]{8,13}-[0-9]{8,13}-[a-zA-Z0-9-]{20,30})
+    - Workspace Access Token: (xoxa-[0-9]{8,13}-[0-9]{8,13}-[a-zA-Z0-9-]{8,128})
+    - Workspace Refresh Token: (xoxr-[0-9]{8,13}-[0-9]{8,13}-[a-zA-Z0-9-]{8,128})
+    - Configuration Access Token: (xoxe.xoxp-[0-9]{0,2}-[a-zA-Z0-9-]{130,170})
+    - Signing Secret: (?i)xox[a-z]-[0-9a-zA-Z-]{10,}
+    - Configuration Refresh Token: (xoxe-[0-9]{0,2}-[a-zA-Z0-9-]{130,170})
+    - App Token: (xapp-[0-9]{0,2}-[A-Z0-9]{8,13}-[0-9]{12,15}-[a-zA-Z0-9-]{60,70})
+    - Webhook URL: https://hooks\.slack\.com/services/.{8,128}
 
 - Oracle:
-  - Cloud Infrastructure: ocid1\.(tenancy|user)\.oc1\..[a-zA-Z0-9\-_]{59}
+    - Cloud Infrastructure: ocid1\.(tenancy|user)\.oc1\..[a-zA-Z0-9\-_]{59}
 
 - Tencent:
-  - Cloud API: AKID[0-9a-zA-Z]{16}
+    - Cloud API: AKID[0-9a-zA-Z]{16}
 
 - Docker:
-  - Hub Access Token: dckr_pat_[a-zA-Z0-9_=-]{24,32}
-  - Swarm Join Token: (?i)(SWMTKN-[a-z0-9A-Z]+)
-  - Swarm Unlock Token: (?i)(swmkey-1-[A-Za-z0-9+_-]{30,50})
+    - Hub Access Token: dckr_pat_[a-zA-Z0-9_=-]{24,32}
+    - Swarm Join Token: (?i)(SWMTKN-[a-z0-9A-Z]+)
+    - Swarm Unlock Token: (?i)(swmkey-1-[A-Za-z0-9+_-]{30,50})
 
 - Replit:
-  - Identity Secret Key: k2.secret.[\w]+
+    - Identity Secret Key: k2.secret.[\w]+
 
 - Meta:
-  - Page Access Token: (?i)(EAAG[0-9A-Za-z]{10,128})
-  - Facebook Access Token: EAACEdEose0cBA[0-9A-Za-z]+
-  #- Client Token: (?i)fb[a-zA-Z0-9]{24,32}
-  - Instagram Access Token: (?i)(IGQV[0-9A-Za-z-_]{10,255})
-  - Instagram App Secret: (?i)(ig_[a-f0-9]{32})
-  - Instagram Client Token: (?i)(ig_ct_[a-zA-Z0-9]{32})
-  - Instagram Authentication Token: (?i)(ig_did=[a-f0-9-]{36})
-  #- WhatsApp API Key: (?i)(?:whatsapp)[^{}]{0,20}[=:\"\' ]{0,5}([A-Za-z0-9]{24,32})
-  - WhatsApp Session Token: (?i)(session_token=[a-zA-Z0-9-_]{40,})
-  #- Messenger App Secret: (?i)(?:messenger|fb)[^{}]{0,20}[=:\"\' ]{0,5}([a-f0-9]{32})
-  - Debug Token: (?i)(DQVJ[0-9A-Za-z-_]{10,255})
+    - Page Access Token: (?i)(EAAG[0-9A-Za-z]{10,128})
+    - Facebook Access Token: EAACEdEose0cBA[0-9A-Za-z]+
+    #- Client Token: (?i)fb[a-zA-Z0-9]{24,32}
+    - Instagram Access Token: (?i)(IGQV[0-9A-Za-z-_]{10,255})
+    - Instagram App Secret: (?i)(ig_[a-f0-9]{32})
+    - Instagram Client Token: (?i)(ig_ct_[a-zA-Z0-9]{32})
+    - Instagram Authentication Token: (?i)(ig_did=[a-f0-9-]{36})
+    #- WhatsApp API Key: (?i)(?:whatsapp)[^{}]{0,20}[=:\"\' ]{0,5}([A-Za-z0-9]{24,32})
+    - WhatsApp Session Token: (?i)(session_token=[a-zA-Z0-9-_]{40,})
+    #- Messenger App Secret: (?i)(?:messenger|fb)[^{}]{0,20}[=:\"\' ]{0,5}([a-f0-9]{32})
+    - Debug Token: (?i)(DQVJ[0-9A-Za-z-_]{10,255})
 
 - Grafana:
-  - Service Account Token: (?i)glsa_[a-z0-9+-=\/]{32}_[a-f0-9]{8}
-  - API Token: (?i)grafana_(api_token|token)
+    - Service Account Token: (?i)glsa_[a-z0-9+-=\/]{32}_[a-f0-9]{8}
+    - API Token: (?i)grafana_(api_token|token)
 
 - Stripe:
-  - Read-only Key: (?i)rk_live_[a-zA-Z0-9]{20,30}
-  - Secret Key: (?i)sk_live_[a-zA-Z0-9]{20,30}
-  - Publishable Key: (?i)pk_live_[a-zA-Z0-9]{20,30}
+    - Read-only Key: (?i)rk_live_[a-zA-Z0-9]{20,30}
+    - Secret Key: (?i)sk_live_[a-zA-Z0-9]{20,30}
+    - Publishable Key: (?i)pk_live_[a-zA-Z0-9]{20,30}
 
 - PayPal:
-  - Access Token: (?:^|['\"])access_token\$production\$([0-9a-zA-Z]{28,42})
+    - Access Token: (?:^|['\"])access_token\$production\$([0-9a-zA-Z]{28,42})
 
 - SquareUp:
-  - API Key: sq0i[a-z]{2}-[0-9A-Za-z\-_]{22,43}
-  - API Secret: sq0c[a-z]{2}-[0-9A-Za-z\-_]{40,50}
-  - Access Token: sqOatp-[0-9A-Za-z\-_]{22}
+    - API Key: sq0i[a-z]{2}-[0-9A-Za-z\-_]{22,43}
+    - API Secret: sq0c[a-z]{2}-[0-9A-Za-z\-_]{40,50}
+    - Access Token: sqOatp-[0-9A-Za-z\-_]{22}
 
 - PubNub:
-  - Publish Key: pub-c-[0-9a-z]{8}-[0-9a-z]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12}
-  - Subscribe Key: sub-c-[0-9a-z]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12}
+    - Publish Key: pub-c-[0-9a-z]{8}-[0-9a-z]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12}
+    - Subscribe Key: sub-c-[0-9a-z]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12}
 
 - FlutterWave:
-  - API Key: (?i)(FLWSECK-[0-9a-z]{32}-X)
+    - API Key: (?i)(FLWSECK-[0-9a-z]{32}-X)
 
 - DataDog:
-  - Client Token: ^pub[0-9a-f]{32}$
+    - Client Token: ^pub[0-9a-f]{32}$
   # - App ID: ^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$
 
 - Spotify:
-  - Device Cookie: (?i)sp_dc=[\w_-]{128,256}
-  - Key: (?i)sp_key=[a-f0-9]{8}-?[a-f0-9]{4}-?4[a-f0-9]{3}-?[89ab][a-f0-9]{3}-?[a-f0-9]{12}
+    - Device Cookie: (?i)sp_dc=[\w_-]{128,256}
+    - Key: (?i)sp_key=[a-f0-9]{8}-?[a-f0-9]{4}-?4[a-f0-9]{3}-?[89ab][a-f0-9]{3}-?[a-f0-9]{12}
 
 - Telegram:
-  - Bot API Key: (?:bot)*[0-9]{8,10}:AA[0-9A-Za-z\-_=]{33}
+    - Bot API Key: (?:bot)*[0-9]{8,10}:AA[0-9A-Za-z\-_=]{33}
 
 - Airtable:
-  - API Key: (?i)(?:airtable).{0,40}[\"\'`]?\s{0,50}(?::|=>|=|,)\s{0,50}[\"\'`]?(key[a-zA-Z0-9_-]{14})
-  - Table URL: https:\/\/api\.airtable\.com\/v0\/[\w]+\/[\w]+
+    - API Key: (?i)(?:airtable).{0,40}[\"\'`]?\s{0,50}(?::|=>|=|,)\s{0,50}[\"\'`]?(key[a-zA-Z0-9_-]{14})
+    - Table URL: https:\/\/api\.airtable\.com\/v0\/[\w]+\/[\w]+
 
 - Postman:
-  - API Key: (?i)(PMAK-[a-zA-Z-0-9]{59})
+    - API Key: (?i)(PMAK-[a-zA-Z-0-9]{59})
 
 #- Clearbit:
 #  - API Key: (?i)(?:clearbit)[^{}]{0,20}( ){0,1}[=:]( ){0,1}.{0,40}(sk_[0-9a-z_]{24,32})
 
 - OpenAI:
-  - Project API Key: (?i)sk-proj-[\w-]+T3BlbkFJ[\w-]+
-  - User API Key: (?i)sk-[^proj]\w.+T3BlbkFJ[\w-]+
+    - Project API Key: (?i)sk-proj-[\w-]+T3BlbkFJ[\w-]+
+    - User API Key: (?i)sk-[^proj]\w.+T3BlbkFJ[\w-]+
 
 - Groq:
-  - API Key: (?i)gsk_[A-Za-z0-9]+
+    - API Key: (?i)gsk_[A-Za-z0-9]+
 
 - OpenWeatherMap:
-  - API Key URL: (?i)(?:https?://api\.openweathermap\.org/data/[a-z0-9.+?\/]+=)([a-z0-9]{32})
+    - API Key URL: (?i)(?:https?://api\.openweathermap\.org/data/[a-z0-9.+?\/]+=)([a-z0-9]{32})
 
 - Razorpay:
-  - Test Key: (?i)rzp_test_\w{10,20}
-  - Live Key: (?i)rzp_live_\w{10,20}
+    - Test Key: (?i)rzp_test_\w{10,20}
+    - Live Key: (?i)rzp_live_\w{10,20}
 
 #- CircleCI:
 #  - Personal Token: (?i)(?:circle)[^{}]{0,20}( ){0,1}[=:]( ){0,1}(["a-fA-F0-9]{40,42})
 
 - MailGun:
-  - API Key: (?i)key-[0-9a-zA-Z]{32}
-  - Domain Sending Key: "[a-f0-9]{32}-[a-f0-9]{8}-[a-f0-9]{8}"
+    - API Key: (?i)key-[0-9a-zA-Z]{32}
+    - Domain Sending Key: "[a-f0-9]{32}-[a-f0-9]{8}-[a-f0-9]{8}"
 
 - Hashicorp:
-  - Terraform API Token: (?i)([A-Za-z0-9]{14}.atlasv1.[A-Za-z0-9]{67})
-  - Vault Unseal Key: (?i)unseal.?(?:key|token)[^)(|\s"\'<>,&#]?.{0,40}([a-fA-F0-9\/_\-=][^|\s"\'<>,&#]{43})
+    - Terraform API Token: (?i)([A-Za-z0-9]{14}.atlasv1.[A-Za-z0-9]{67})
+    - Vault Unseal Key: (?i)unseal.?(?:key|token)[^)(|\s"\'<>,&#]?.{0,40}([a-fA-F0-9\/_\-=][^|\s"\'<>,&#]{43})
 
 - Intuit:
-  - MailChimp API Key: (?i)[0-9a-f]{32}-us[0-9]{1,2}
+    - MailChimp API Key: (?i)[0-9a-f]{32}-us[0-9]{1,2}
 
 - NPM:
-  - Token: (?i)(npm_[0-9a-zA-Z]{36})
+    - Token: (?i)(npm_[0-9a-zA-Z]{36})
 
-- Riot Games: 
-  - API Key: (?i)(rgapi[a-f0-9-]{37})
+- Riot Games:
+    - API Key: (?i)(rgapi[a-f0-9-]{37})
 
-- RubyGems:	
-  - API Key: (?i)(rubygems_[a-zA0-9]{48})
+- RubyGems:
+    - API Key: (?i)(rubygems_[a-zA0-9]{48})
 
 - Artifactory:
-  - Token: AKCp[0-9][a-zA-Z0-9]{64,128}
+    - Token: AKCp[0-9][a-zA-Z0-9]{64,128}
 
 - Figma:
-  - Personal Access Token: (figd_[a-zA-Z0-9-_]{14,32}_[a-zA-Z0-9-_]{14,32})
+    - Personal Access Token: (figd_[a-zA-Z0-9-_]{14,32}_[a-zA-Z0-9-_]{14,32})
 
 - Adafruit.io:
-  - API Key: aio_[a-zA-Z0-9]{28}
+    - API Key: aio_[a-zA-Z0-9]{28}
 
-- Checkout.com: 
-  - Secret Key: (sk_|sk_test_)[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}
+- Checkout.com:
+    - Secret Key: (sk_|sk_test_)[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}
 
 - Mapbox:
-  - Token: (?i)(sk\.eyj1ijoi[a-zA-Z-0-9-_\.]{80,240})
+    - Token: (?i)(sk\.eyj1ijoi[a-zA-Z-0-9-_\.]{80,240})
 
 #- IBM:
 #  - Cloud User Key: (?i)(?:ibm)[^{}]{0,20}( ){0,1}[=:]( ){0,1}(-_[A-Za-z0-9_-]{42})
 
 - Freshdesk:
-  - API Token: (?i)(?:freshdesk)[^{}()<>?*&:%@.\-!\/\n]{0,40}\b([0-9A-Za-z]{16,24})
+    - API Token: (?i)(?:freshdesk)[^{}()<>?*&:%@.\-!\/\n]{0,40}\b([0-9A-Za-z]{16,24})
 
 - SendInBlue:
-  - API Key: xkeysib-.{0,81}
+    - API Key: xkeysib-.{0,81}
 
 - Docusign:
-  - API Key: (?i)(?:docusign).{0,40}\b[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}\b
+    - API Key: (?i)(?:docusign).{0,40}\b[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}\b
 
 - Dynatrace:
-  - API Token: dt0[a-zA-Z]{1}[0-9]{2}\.[A-Z0-9]{24}\.[A-Z0-9]{64}
+    - API Token: dt0[a-zA-Z]{1}[0-9]{2}\.[A-Z0-9]{24}\.[A-Z0-9]{64}
 
 - Sidekiq:
-  - API Key: (?i)(?:CONTRIBSYS_+COM).{0,40}\b(?:[0-9a-z\-_\t .]{0,20})\b
+    - API Key: (?i)(?:CONTRIBSYS_+COM).{0,40}\b(?:[0-9a-z\-_\t .]{0,20})\b
 
 - Fastly:
-  - Personal Token:	(?i)(?:fastly)[^{}()<>?*&%'",@!\-/=\n]{0,40}\b([A-Za-z0-9_-]{32})\b
+    - Personal Token: (?i)(?:fastly)[^{}()<>?*&%'",@!\-/=\n]{0,40}\b([A-Za-z0-9_-]{32})\b
 
 - Asana:
-  - Personal Access Token: (?i)(?:asana).{0,40}([0-9]{1,}\/[0-9]{10,}:[A-Za-z0-9]{32,})|([0-9]{1,}\/[0-9]{10,}:[A-Za-z0-9]{32,})
-  
+    - Personal Access Token: (?i)(?:asana).{0,40}([0-9]{1,}\/[0-9]{10,}:[A-Za-z0-9]{32,})|([0-9]{1,}\/[0-9]{10,}:[A-Za-z0-9]{32,})
+
 - Beamer:
-  - API Key: (?i)(?:beamer).{0,40}b_[a-z0-9+/]{43}=|b_[a-z0-9+/]{43}=
+    - API Key: (?i)(?:beamer).{0,40}b_[a-z0-9+/]{43}=|b_[a-z0-9+/]{43}=
 
 - Chief.app:
-  - Key: ct[pt]_([a-zA-Z0-9]){36}
-  
+    - Key: ct[pt]_([a-zA-Z0-9]){36}
+
 - Square:
-  - Access Token:	(sq0atp-[0-9A-Za-z\-_]{22})
+    - Access Token: (sq0atp-[0-9A-Za-z\-_]{22})
 
 - Saucelabs:
-  - TestFairy OAuth Token URL: https://testfairy\.atlassian\.net/plugins/servlet/oauth/authorize\?oauth_token-\w{32}
+    - TestFairy OAuth Token URL: https://testfairy\.atlassian\.net/plugins/servlet/oauth/authorize\?oauth_token-\w{32}
 
 - NuGet:
-  - API Key: (?i)(?:nuget).{0,40}(oy2[a-z0-9]{43})
+    - API Key: (?i)(?:nuget).{0,40}(oy2[a-z0-9]{43})
 
 - Cloudinary:
-  - API URL: cloudinary://.+/
+    - API URL: cloudinary://.+/
 
 - Ngrok:
-  - API Key Block: (?i)add-api-key
-  - Authentication Token Block: (?i)add-authtoken	
-  - Connection URL Block: (?i)add-connect-url
+    - API Key Block: (?i)add-api-key
+    - Authentication Token Block: (?i)add-authtoken
+    - Connection URL Block: (?i)add-connect-url
 
 - WeChat:
-  - App Key: (?:^|['\"`])(wx[a-f0-9]{16})(?:$|['\"`])
+    - App Key: (?:^|['\"`])(wx[a-f0-9]{16})(?:$|['\"`])
 
 - Resend:
-  - API Key: re_\w{8}_{0,1}\w*\d\w*
+    - API Key: re_\w{8}_{0,1}\w*\d\w*
 
 - Vercel:
-  - Blob Read/Write Token: vercel_blob_rw_\w{47,49}
-  - Project ID: \bprj_.{28}\b
+    - Blob Read/Write Token: vercel_blob_rw_\w{47,49}
+    - Project ID: \bprj_.{28}\b
 
 - Postgresql:
-  - URL: (?i)(?:pgsql:|postgres:|postgresql:)//[\S]{1,256}:[\S]{1,256}@[-.%\w\/:]+\.[\S]+
+    - URL: (?i)(?:pgsql:|postgres:|postgresql:)//[\S]{1,256}:[\S]{1,256}@[-.%\w\/:]+\.[\S]+
 
 - GitHub:
-  - Access Token: (?i)\bghp_[A-Za-z0-9]{36}\b
-  - OAuth Token: (?i)\bgho_[A-Za-z0-9]{36}\b
-  - App Installation Token: (?i)\bghu_[A-Za-z0-9]{36}\b
-  - App user Token: (?i)\bghs_[A-Za-z0-9]{36}\b
-  - Refresh Token: (?i)\bghr_[A-Za-z0-9]{36}\b
+    - Access Token: (?i)\bghp_[A-Za-z0-9]{36}\b
+    - OAuth Token: (?i)\bgho_[A-Za-z0-9]{36}\b
+    - App Installation Token: (?i)\bghu_[A-Za-z0-9]{36}\b
+    - App user Token: (?i)\bghs_[A-Za-z0-9]{36}\b
+    - Refresh Token: (?i)\bghr_[A-Za-z0-9]{36}\b
 
 - Addresses:
-  - Bitcoin Legacy: \b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b
-  - Bitcoin SegWit: \b(bc1)[a-zA-HJ-NP-Z0-9]{39,59}\b
-  - Ethereum: \b0x[a-fA-F0-9]{40}\b
-  - Litecoin: \b(L|M)[a-km-zA-HJ-NP-Z1-9]{26,33}\b
-  - Dogecoin: \b(D|A)[a-km-zA-HJ-NP-Z1-9]{25,34}\b
-  - Ripple: \br[rK][a-zA-Z0-9]{25,35}\b
-  - Monero: \b4[0-9AB][1-9A-HJ-NP-Za-km-z]{93}\b
-  - Tron: \bT[a-zA-HJ-NP-Z0-9]{33}\b
+    - Bitcoin Legacy: \b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b
+    - Bitcoin SegWit: \b(bc1)[a-zA-HJ-NP-Z0-9]{39,59}\b
+    - Ethereum: \b0x[a-fA-F0-9]{40}\b
+    - Litecoin: \b(L|M)[a-km-zA-HJ-NP-Z1-9]{26,33}\b
+    - Dogecoin: \b(D|A)[a-km-zA-HJ-NP-Z1-9]{25,34}\b
+    - Ripple: \br[rK][a-zA-Z0-9]{25,35}\b
+    - Monero: \b4[0-9AB][1-9A-HJ-NP-Za-km-z]{93}\b
+    - Tron: \bT[a-zA-HJ-NP-Z0-9]{33}\b
   # - Solana: \b[1-9A-HJ-NP-Za-km-z]{43,44}\b
 
 - Generic:
-  - Shell Command: "[\\w. ]+(--username|-u|--user|--uname|--userid|--id|-i) [^$][\\w_\\-.\"']{1,256} (--password|-p|--pwd|--pass)[^$<{][\\w_\\-.\"']{4,253}"
-  - Bearer Token: "(Authorization: )*((b|B)earer [a-zA-Z0-9+\\/._=-]{16,512})(={0,2})"
-  - Basic Token: "(Authorization: )*((b|B)asic [a-zA-Z0-9+\\/._=-]{16,512})(={0,2})"
-  - JSON Web Token: \beyJ[a-zA-Z0-9]{3,}\.eyJ[A-Za-z0-9_\\/+-]{3,}\.[A-Za-z0-9_\\/+-]{3,}\b
-  # Tokens
-  #- Refresh Token Variable: (?i)refresh[_-]{0,1}token
-  # URLs
-  - Auth URL: (?i)((https?|ftps?|ssh|sftp)://[^":@>\]\[\n\s*/]+:[^:@/>\]\[\n\s*/]+([^>\]\[\n\s*:][@]{1})\w+(\.\w+)+)
-  - Redis URL: (?i)((redis?)://[^":@>\]\[\n\s*/]+:[^:@/>\]\[\n\s*/]+([^>\]\[\n\s*:][@]{1})\w+(\.\w+)+)
-  - MongoDB URL: (?i)(?:mongodb:|mongodb\+srv:)//[\S]{1,256}:[\S]{1,256}@[-.%\w\/:]+\.[\S]+
-  - MySQL URL: (?i)(?:mysql:)//[\S]{1,256}:[\S]{1,256}@[-.%\w\/:]+\.[\S]+
-  - File Transfer Protocol (FTP) URL: ftp://[a-zA-Z0-9-_+.@]+:[^@]+@[^/]+
-  - Advanced Message Queuing Protocol (AMQP) URL: amqp://[a-zA-Z0-9-_+.@]+:[^@]+@[^/]+
-  # Private Keys
-  - JSON Web Key Block: /^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/gm
-  - Private Key Block: -{0,5} ?BEGIN (?:RSA |ENCRYPTED |OPENSSH |SSH2 )?PRIVATE KEY ?-{0,5} ?([\s\S]*?)-{0,5} ?END (?:RSA |ENCRYPTED |OPENSSH |SSH2 )?PRIVATE KEY ?-{0,5}
-  - Bitcoin Private Key: \b[5KL][1-9A-HJ-NP-Za-km-z]{50,51}\b
-  - Ethereum Private Key: \b0x[a-fA-F0-9]{64}\b
-  - Litecoin Private Key: \b[5KL][1-9A-HJ-NP-Za-km-z]{50,51}\b
-  - Ripple Secret Key: \b[sS][a-zA-Z0-9]{28,35}\b
+    - Shell Command: "[\\w. ]+(--username|-u|--user|--uname|--userid|--id|-i) [^$][\\w_\\-.\"']{1,256} (--password|-p|--pwd|--pass)[^$<{][\\w_\\-.\"']{4,253}"
+    - Bearer Token: "(Authorization: )*((b|B)earer [a-zA-Z0-9+\\/._=-]{16,512})(={0,2})"
+    - Basic Token: "(Authorization: )*((b|B)asic [a-zA-Z0-9+\\/._=-]{16,512})(={0,2})"
+    - JSON Web Token: \beyJ[a-zA-Z0-9]{3,}\.eyJ[A-Za-z0-9_\\/+-]{3,}\.[A-Za-z0-9_\\/+-]{3,}\b
+    # Tokens
+    #- Refresh Token Variable: (?i)refresh[_-]{0,1}token
+    # URLs
+    - Auth URL: (?i)((https?|ftps?|ssh|sftp)://[^":@>\]\[\n\s*/]+:[^:@/>\]\[\n\s*/]+([^>\]\[\n\s*:][@]{1})\w+(\.\w+)+)
+    - Redis URL: (?i)((redis?)://[^":@>\]\[\n\s*/]+:[^:@/>\]\[\n\s*/]+([^>\]\[\n\s*:][@]{1})\w+(\.\w+)+)
+    - MongoDB URL: (?i)(?:mongodb:|mongodb\+srv:)//[\S]{1,256}:[\S]{1,256}@[-.%\w\/:]+\.[\S]+
+    - MySQL URL: (?i)(?:mysql:)//[\S]{1,256}:[\S]{1,256}@[-.%\w\/:]+\.[\S]+
+    - File Transfer Protocol (FTP) URL: ftp://[a-zA-Z0-9-_+.@]+:[^@]+@[^/]+
+    - Advanced Message Queuing Protocol (AMQP) URL: amqp://[a-zA-Z0-9-_+.@]+:[^@]+@[^/]+
+    # Private Keys
+    - JSON Web Key Block: /^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/gm
+    - Private Key Block: -{0,5} ?BEGIN (?:RSA |ENCRYPTED |OPENSSH |SSH2 )?PRIVATE KEY ?-{0,5} ?([\s\S]*?)-{0,5} ?END (?:RSA |ENCRYPTED |OPENSSH |SSH2 )?PRIVATE KEY ?-{0,5}
+    - Bitcoin Private Key: \b[5KL][1-9A-HJ-NP-Za-km-z]{50,51}\b
+    - Ethereum Private Key: \b0x[a-fA-F0-9]{64}\b
+    - Litecoin Private Key: \b[5KL][1-9A-HJ-NP-Za-km-z]{50,51}\b
+    - Ripple Secret Key: \b[sS][a-zA-Z0-9]{28,35}\b
   # - Monero Private View Key: \b[0-9A-Fa-f]{64}\b
   # - Tron Private Key: \b[a-fA-F0-9]{64}\b
   # - Solana Private Key: \b[1-9A-HJ-NP-Za-km-z]{43,88}\b
diff --git a/src/codegate/pipeline/secrets/secrets.py b/src/codegate/pipeline/secrets/secrets.py
index 01eb40e6..056b4418 100644
--- a/src/codegate/pipeline/secrets/secrets.py
+++ b/src/codegate/pipeline/secrets/secrets.py
@@ -76,7 +76,7 @@ def _extend_match_boundaries(self, text: str, start: int, end: int) -> tuple[int
 
         return start, end
 
-    def _redeact_text(
+    def _redact_text(
         self, text: str, secrets_manager: SecretsManager, session_id: str, context: PipelineContext
     ) -> tuple[str, int]:
         """
@@ -189,11 +189,14 @@ async def process(
         for i, message in enumerate(new_request["messages"]):
             if "content" in message and message["content"]:
                 # Protect the text
-                protected_string, redacted_count = self._redeact_text(
+                protected_string, redacted_count = self._redact_text(
                     message["content"], secrets_manager, session_id, context
                 )
                 new_request["messages"][i]["content"] = protected_string
-                total_redacted += redacted_count
+
+                # only sum to the count if it is the last message
+                if i == len(new_request["messages"]) - 1:
+                    total_redacted += redacted_count
 
         logger.info(f"Total secrets redacted: {total_redacted}")
 
diff --git a/src/codegate/pipeline/secrets/signatures.py b/src/codegate/pipeline/secrets/signatures.py
index 0f96423b..d6cbed36 100644
--- a/src/codegate/pipeline/secrets/signatures.py
+++ b/src/codegate/pipeline/secrets/signatures.py
@@ -175,7 +175,8 @@ def _load_signatures(cls) -> None:
             yaml_data = cls._load_yaml(cls._yaml_path)
 
             # Add custom GitHub token patterns
-            github_patterns = {"Access Token": r"ghp_[0-9a-zA-Z]{32}"}
+            github_patterns = {"Access Token": r"ghp_[0-9a-zA-Z]{32}",
+                               "Personal Token": r"github_pat_[a-zA-Z0-9]{22}_[a-zA-Z0-9]{59}"}
             cls._add_signature_group("GitHub", github_patterns)
 
             # Process patterns from YAML