Payload CMS upload security

Scan files before they enter your Payload CMS workflow

CypherScan helps Payload teams detect malware, exposed secrets, and risky uploads before files are accepted by the CMS.

Install Payload plugin View on GitHub Create API key

Example: CypherScan evaluates an uploaded file before it enters a CMS workflow.

Quick installation

npm install cypherscan-payload

import { cypherScanPayload } from "cypherscan-payload";

export default buildConfig({
  plugins: [
    cypherScanPayload({
      apiKey: process.env.CYPHERSCAN_API_KEY!,
    }),
  ],
});

What CypherScan catches

Malware indicators

Exposed API keys

JWT secrets

Suspicious payloads

Risky upload patterns

How it works

Step 1

Install the Payload plugin

Step 2

Add your CypherScan API key

Step 3

Upload files normally

Step 4

Block suspicious or malicious uploads

Default plugin behavior

• Clean uploads are allowed.

• Suspicious uploads are blocked by default.

• Malicious uploads are blocked by default.

• failOpen=true is enabled by default.

Secure your Payload upload pipeline

Add a CypherScan API key and start scanning Payload uploads before risky files reach production.

Create API key See plans