diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index e49b99c..c4b620b 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -9,8 +9,8 @@ verify:no_secrets:
 # Global secret scan (cheap but effective)
 - |
 set +e
- secret_re='(-----BEGI[N] (RSA|OPENS[S]H|EC) PRIV[A]TE KEY-----|-----BEGI[N] ENCR[Y]PTED PRIV[A]TE KEY-----|-----BEGI[N] PRIV[A]TE KEY-----|-----BEGI[N] PGP PRIV[A]TE KEY BLOC[K]-----|aws_secret_access_[k]ey|AKI[A][0-9A-Z]{16}|xox[baprs]-[0-9A-Za-z-]{10,}|gh[p]_[A-Za-z0-9]{36}|glp[a]t-[A-Za-z0-9_-]{20,})'
- matches="$(git grep -lE "$secret_re" -- . ':!vault/**')"
+ secret_re='(BEGIN (RSA|OPENSSH|EC) PRIVATE KEY|-----BEGIN PGP PRIVATE KEY BLOCK-----|aws_secret_access_key|AKIA[0-9A-Z]{16}|xox[baprs]-[0-9A-Za-z-]{10,}|ghp_[A-Za-z0-9]{36}|glpat-[A-Za-z0-9_-]{20,})'
+ matches="$(git grep -lE "$secret_re" -- . ':!.gitlab-ci.yml' ':!vault/**')"
 status=$?
 set -e
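Review bot: The rewritten `secret_re` no longer carries the `-----BEGIN PRIVATE KEY-----` and `-----BEGIN ENCRYPTED PRIVATE KEY-----` alternatives, so a committed PKCS#8 key (the format `openssl genpkey` writes) now passes this scan. Making the algorithm word optional restores that coverage, for example `BEGIN ((RSA|OPENSSH|EC|ENCRYPTED) )?PRIVATE KEY`. The added `':!.gitlab-ci.yml'` pathspec also takes the pipeline file itself out of the scan, whereas the removed bracket form (`BEGI[N]`, `gh[p]_`) avoided the self-match while still checking that file for pasted tokens. If the exclusion stays, a comment such as `# .gitlab-ci.yml holds the patterns literally and is therefore NOT scanned for secrets` would make the gap visible to maintainers. The script continues outside the hunk, so how `status` is interpreted cannot be checked from here.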