diff --git a/content/code-security/secret-scanning/introduction/supported-secret-scanning-patterns.md b/content/code-security/secret-scanning/introduction/supported-secret-scanning-patterns.md
index 3e5a7e216a..1aa6912aa7 100644
--- a/content/code-security/secret-scanning/introduction/supported-secret-scanning-patterns.md
+++ b/content/code-security/secret-scanning/introduction/supported-secret-scanning-patterns.md
@@ -101,6 +101,18 @@ In addition to these generic non-provider patterns, {% data variables.product.pr
Service providers update the patterns used to generate tokens periodically and may support more than one version of a token. Push protection only supports the most recent token versions that {% data variables.product.prodname_secret_scanning %} can identify with confidence. This avoids push protection blocking commits unnecessarily when a result may be a false positive, which is more likely to happen with legacy tokens.
+#### Multi-part secrets
+
+
+
+By default, {% data variables.product.prodname_secret_scanning %} supports validation for pair-matched access keys and key IDs.
+
+{% data variables.product.prodname_secret_scanning_caps %} also supports validation for individual key IDs for Amazon AWS Access Key IDs, in addition to existing pair matching.
+
+A key ID will show as active if {% data variables.product.prodname_secret_scanning %} confirms the key ID exists, regardless of whether or not a corresponding access key is found. The key ID will show as `inactive` if it's invalid (for example, if it is not a real key ID).
+
+Where a valid pair is found, the {% data variables.product.prodname_secret_scanning %} alerts will be linked.
+
## Further reading
* [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts)
diff --git a/src/secret-scanning/data/public-docs.yml b/src/secret-scanning/data/public-docs.yml
index e167d5ed29..252a5d612e 100644
--- a/src/secret-scanning/data/public-docs.yml
+++ b/src/secret-scanning/data/public-docs.yml
@@ -199,6 +199,7 @@
isPrivateWithGhas: true
hasPushProtection: true
hasValidityCheck: '{% ifversion fpt or ghes %}false{% else %}true{% endif %}'
+ ismultipart: true
base64Supported: false
isduplicate: false
- provider: Amazon AWS
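Review bot: `ismultipart: true` is set unconditionally, while `hasValidityCheck` on the same entry renders as `false` for `fpt or ghes`. On those versions the row would still carry the "Multi-part secrets" label, although the section added to the docs page describes validation behaviour. If that is intended, a comment on the new key would record it, for example `# label shown on every version, including those without validity checks`. If it is not, the flag needs the same version gating, which would also mean widening its type beyond `boolean`. The entry starts outside this hunk, so which pattern it belongs to is not visible here.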
diff --git a/src/secret-scanning/middleware/secret-scanning.ts b/src/secret-scanning/middleware/secret-scanning.ts
index 5d68d398a3..8feb9cabbd 100644
--- a/src/secret-scanning/middleware/secret-scanning.ts
+++ b/src/secret-scanning/middleware/secret-scanning.ts
@@ -46,6 +46,9 @@ export default async function secretScanning(
if (entry.isduplicate) {
entry.secretType += '
Token versions'
}
+ if (entry.ismultipart) {
+ entry.secretType += '
Multi-part secrets'
+ }
})
return next()
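Review bot: The new `ismultipart` branch appends to `entry.secretType` in place, exactly as the `isduplicate` branch above it does. The code that loads the entries is outside this hunk; if the array is cached and shared between requests, the suffix would be appended again on every request. In that case, derive the label into a new value per request instead of using `+=` on the stored entry. Separately, the appended text has to match the "Multi-part secrets" heading added to the docs page, which a comment could record: `// must match the "Multi-part secrets" heading in supported-secret-scanning-patterns.md`. The body of `secretScanning` starts and ends outside the hunk.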
diff --git a/src/types.ts b/src/types.ts
index f7b32ce768..db399ccb59 100644
--- a/src/types.ts
+++ b/src/types.ts
@@ -311,6 +311,7 @@ export type SecretScanningData = {
isPrivateWithGhas: boolean
hasPushProtection: boolean
hasValidityCheck: boolean | string
+ ismultipart?: boolean
base64Supported: boolean
isduplicate: boolean
}
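Review bot: `ismultipart?: boolean` is the only optional flag in this run of fields (`isduplicate` and `base64Supported` are required), and nothing says what an absent value means. A one-line doc comment would make the contract explicit, for example `/** Set on patterns that are one half of a matched pair (e.g. key ID + access key); absent is treated as false. */`. The name follows the lowercase `isduplicate` rather than the camelCase of `hasPushProtection`, which is consistent with its neighbour but worth a conscious choice for a new field. The `SecretScanningData` type begins outside the hunk.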