Generate tps (#845)

* WIP

* simplify tp generation

cmd/generate/config/main.go

@@ -16,9 +16,9 @@ const (
 
 func main() {
 	configRules := []*config.Rule{}
-	configRules = append(configRules, rules.AgeSecretKey())
 	configRules = append(configRules, rules.AdobeClientID())
 	configRules = append(configRules, rules.AdobeClientSecret())
+	configRules = append(configRules, rules.AgeSecretKey())
 	configRules = append(configRules, rules.AlibabaAccessKey())
 	configRules = append(configRules, rules.AlibabaSecretKey())
 	configRules = append(configRules, rules.AsanaClientID())

cmd/generate/config/rules/adobe.go

@@ -1,8 +1,7 @@
 package rules
 
 import (
-	"regexp"
-
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
 )
 
@@ -11,14 +10,14 @@ func AdobeClientID() *config.Rule {
 	r := config.Rule{
 		Description: "Adobe Client ID (Oauth Web)",
 		RuleID:      "adobe-client-id",
-		Regex:       generateSemiGenericRegex([]string{"adobe"}, hex32),
+		Regex:       generateSemiGenericRegex([]string{"adobe"}, hex("32")),
 		SecretGroup: 1,
 		Keywords:    []string{"adobe"},
 	}
 
 	// validate
 	tps := []string{
-		"adobeClient := \"" + sampleHex32Token + "\"",
+		generateSampleSecret("adobe", secrets.NewSecret(hex("32"))),
 	}
 	return validate(r, tps)
 }
@@ -28,13 +27,13 @@ func AdobeClientSecret() *config.Rule {
 	r := config.Rule{
 		Description: "Adobe Client Secret",
 		RuleID:      "adobe-client-secret",
-		Regex:       regexp.MustCompile(`(p8e-)(?i)[a-z0-9]{32}`),
+		Regex:       generateUniqueTokenRegex(`(p8e-)(?i)[a-z0-9]{32}`),
 		Keywords:    []string{"p8e-"},
 	}
 
 	// validate
 	tps := []string{
-		"adobeClient := \"p8e-" + sampleHex32Token + "\"",
+		"adobeClient := \"p8e-" + secrets.NewSecret(hex("32")) + "\"",
 	}
 	return validate(r, tps)
 }

cmd/generate/config/rules/alibaba.go

@@ -1,8 +1,7 @@
 package rules
 
 import (
-	"regexp"
-
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
 )
 
@@ -11,13 +10,13 @@ func AlibabaAccessKey() *config.Rule {
 	r := config.Rule{
 		Description: "Alibaba AccessKey ID",
 		RuleID:      "alibaba-access-key-id",
-		Regex:       regexp.MustCompile(`(LTAI)(?i)[a-z0-9]{20}`),
+		Regex:       generateUniqueTokenRegex(`(LTAI)(?i)[a-z0-9]{20}`),
 		Keywords:    []string{"LTAI"},
 	}
 
 	// validate
 	tps := []string{
-		"alibabaKey := \"LTAI" + sampleHex20Token + "\"",
+		"alibabaKey := \"LTAI" + secrets.NewSecret(hex("20")) + "\"",
 	}
 	return validate(r, tps)
 }
@@ -29,14 +28,14 @@ func AlibabaSecretKey() *config.Rule {
 		Description: "Alibaba Secret Key",
 		RuleID:      "alibaba-secret-key",
 		Regex: generateSemiGenericRegex([]string{"alibaba"},
-			alphaNumeric30),
+			alphaNumeric("30")),
 		SecretGroup: 1,
 		Keywords:    []string{"alibaba"},
 	}
 
 	// validate
 	tps := []string{
-		"alibabaSecret Key:= \"" + sampleAlphaNumeric30Token + "\"",
+		generateSampleSecret("alibaba", secrets.NewSecret(alphaNumeric("30"))),
 	}
 	return validate(r, tps)
 }

cmd/generate/config/rules/asana.go

@@ -1,6 +1,7 @@
 package rules
 
 import (
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
 )
 
@@ -9,14 +10,14 @@ func AsanaClientID() *config.Rule {
 	r := config.Rule{
 		Description: "Asana Client ID",
 		RuleID:      "asana-client-id",
-		Regex:       generateSemiGenericRegex([]string{"asana"}, numeric16),
+		Regex:       generateSemiGenericRegex([]string{"asana"}, numeric("16")),
 		SecretGroup: 1,
 		Keywords:    []string{"asana"},
 	}
 
 	// validate
 	tps := []string{
-		"asanaKey := \"" + sampleNumeric16 + "\"",
+		generateSampleSecret("asana", secrets.NewSecret(numeric("16"))),
 	}
 	return validate(r, tps)
 }
@@ -26,13 +27,13 @@ func AsanaClientSecret() *config.Rule {
 	r := config.Rule{
 		Description: "Asana Client Secret",
 		RuleID:      "asana-client-secret",
-		Regex:       generateSemiGenericRegex([]string{"asana"}, alphaNumeric32),
+		Regex:       generateSemiGenericRegex([]string{"asana"}, alphaNumeric("32")),
 		Keywords:    []string{"asana"},
 	}
 
 	// validate
 	tps := []string{
-		"asanaKey := \"" + sampleAlphaNumeric32Token + "\"",
+		generateSampleSecret("asana", secrets.NewSecret(alphaNumeric("32"))),
 	}
 	return validate(r, tps)
 }

cmd/generate/config/rules/atlassian.go

@@ -1,6 +1,7 @@
 package rules
 
 import (
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
 )
 
@@ -9,14 +10,15 @@ func Atlassian() *config.Rule {
 	r := config.Rule{
 		Description: "Atlassian API token",
 		RuleID:      "atlassian-api-token",
-		Regex:       generateSemiGenericRegex([]string{"atlassian"}, alphaNumeric24),
+		Regex:       generateSemiGenericRegex([]string{"atlassian", "confluence"}, alphaNumeric("24")),
 		SecretGroup: 1,
-		Keywords:    []string{"atlassian"},
+		Keywords:    []string{"atlassian", "confluence"},
 	}
 
 	// validate
 	tps := []string{
-		"atlassian:= \"" + sampleAlphaNumeric24Token + "\"",
+		generateSampleSecret("atlassian", secrets.NewSecret(alphaNumeric("24"))),
+		generateSampleSecret("confluence", secrets.NewSecret(alphaNumeric("24"))),
 	}
 	return validate(r, tps)
 }

cmd/generate/config/rules/aws.go

@@ -26,6 +26,6 @@ func AWS() *config.Rule {
 	}
 
 	// validate
-	tps := []string{"AWSToken := \"" + "AKIALALEMEL33243OLIB" + "\""} // gitleaks:allow
+	tps := []string{generateSampleSecret("AWS", "AKIALALEMEL33243OLIB")} // gitleaks:allow
 	return validate(r, tps)
 }

cmd/generate/config/rules/beamer.go

@@ -1,6 +1,7 @@
 package rules
 
 import (
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
 )
 
@@ -17,7 +18,7 @@ func Beamer() *config.Rule {
 
 	// validate
 	tps := []string{
-		"beamer := \"b_" + sampleAlphaNumeric32Token + "-_=_xxxxxxxx\"",
+		generateSampleSecret("beamer", "b_"+secrets.NewSecret(alphaNumericExtended("44"))),
 	}
 	return validate(r, tps)
 }

cmd/generate/config/rules/bitbucket.go

@@ -1,6 +1,7 @@
 package rules
 
 import (
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
 )
 
@@ -9,14 +10,14 @@ func BitBucketClientID() *config.Rule {
 	r := config.Rule{
 		Description: "BitBucket Client ID",
 		RuleID:      "bitbucket-client-id",
-		Regex:       generateSemiGenericRegex([]string{"bitbucket"}, alphaNumeric32),
+		Regex:       generateSemiGenericRegex([]string{"bitbucket"}, alphaNumeric("32")),
 		SecretGroup: 1,
 		Keywords:    []string{"bitbucket"},
 	}
 
 	// validate
 	tps := []string{
-		"bitbucket := \"" + sampleAlphaNumeric32Token + "\"",
+		generateSampleSecret("bitbucket", secrets.NewSecret(alphaNumeric("32"))),
 	}
 	return validate(r, tps)
 }
@@ -26,14 +27,14 @@ func BitBucketClientSecret() *config.Rule {
 	r := config.Rule{
 		Description: "BitBucket Client Secret",
 		RuleID:      "bitbucket-client-secret",
-		Regex:       generateSemiGenericRegex([]string{"bitbucket"}, extendedAlphaNumeric64),
+		Regex:       generateSemiGenericRegex([]string{"bitbucket"}, alphaNumericExtended("64")),
 		SecretGroup: 1,
 		Keywords:    []string{"bitbucket"},
 	}
 
 	// validate
 	tps := []string{
-		"bitbucket := \"" + sampleExtendedAlphaNumeric64Token + "\"",
+		generateSampleSecret("bitbucket", secrets.NewSecret(alphaNumeric("64"))),
 	}
 	return validate(r, tps)
 }

cmd/generate/config/rules/clojars.go

@@ -3,6 +3,7 @@ package rules
 import (
 	"regexp"
 
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
 )
 
@@ -11,13 +12,13 @@ func Clojars() *config.Rule {
 	r := config.Rule{
 		Description: "Clojars API token",
 		RuleID:      "clojars-api-token",
-		Regex:       regexp.MustCompile(`(CLOJARS_)(?i)[a-z0-9]{60}`),
+		Regex:       regexp.MustCompile(`(?i)(CLOJARS_)[a-z0-9]{60}`),
 		Keywords:    []string{"clojars"},
 	}
 
 	// validate
 	tps := []string{
-		"clojarsAPIToken := \"CLOJARS_" + sampleAlphaNumeric60Token + "\"",
+		generateSampleSecret("clojars", "CLOJARS_"+secrets.NewSecret(alphaNumeric("60"))),
 	}
 	return validate(r, tps)
 }

cmd/generate/config/rules/contentful.go

@@ -1,6 +1,7 @@
 package rules
 
 import (
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
 )
 
@@ -10,14 +11,14 @@ func Contentful() *config.Rule {
 		Description: "Contentful delivery API token",
 		RuleID:      "contentful-delivery-api-token",
 		Regex: generateSemiGenericRegex([]string{"contentful"},
-			`[a-z0-9\-=_]{43}`),
+			alphaNumericExtended("43")),
 		SecretGroup: 1,
 		Keywords:    []string{"contentful"},
 	}
 
 	// validate
 	tps := []string{
-		generateSampleSecret("contentful", sampleExtendedAlphaNumeric43Token),
+		generateSampleSecret("contentful", secrets.NewSecret(alphaNumeric("43"))),
 	}
 	return validate(r, tps)
 }

cmd/generate/config/rules/databricks.go

@@ -1,8 +1,7 @@
 package rules
 
 import (
-	"regexp"
-
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
 )
 
@@ -11,13 +10,13 @@ func Databricks() *config.Rule {
 	r := config.Rule{
 		Description: "Databricks API token",
 		RuleID:      "databricks-api-token",
-		Regex:       regexp.MustCompile(`dapi[a-h0-9]{32}`),
+		Regex:       generateUniqueTokenRegex(`dapi[a-h0-9]{32}`),
 		Keywords:    []string{"dapi"},
 	}
 
 	// validate
 	tps := []string{
-		generateSampleSecret("databricks", "dapi"+sampleHex32Token),
+		generateSampleSecret("databricks", "dapi"+secrets.NewSecret(hex("32"))),
 	}
 	return validate(r, tps)
 }

cmd/generate/config/rules/discord.go

@@ -1,6 +1,7 @@
 package rules
 
 import (
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
 )
 
@@ -9,14 +10,14 @@ func DiscordAPIToken() *config.Rule {
 	r := config.Rule{
 		Description: "Discord API key",
 		RuleID:      "discord-api-token",
-		Regex:       generateSemiGenericRegex([]string{"discord"}, hex64),
+		Regex:       generateSemiGenericRegex([]string{"discord"}, hex("64")),
 		SecretGroup: 1,
 		Keywords:    []string{"discord"},
 	}
 
 	// validate
 	tps := []string{
-		generateSampleSecret("discord", sampleHex64Token),
+		generateSampleSecret("discord", secrets.NewSecret(hex("64"))),
 	}
 	return validate(r, tps)
 }
@@ -26,14 +27,14 @@ func DiscordClientID() *config.Rule {
 	r := config.Rule{
 		Description: "Discord client ID",
 		RuleID:      "discord-client-id",
-		Regex:       generateSemiGenericRegex([]string{"discord"}, numeric18),
+		Regex:       generateSemiGenericRegex([]string{"discord"}, numeric("18")),
 		SecretGroup: 1,
 		Keywords:    []string{"discord"},
 	}
 
 	// validate
 	tps := []string{
-		generateSampleSecret("discord", sampleNumeric18),
+		generateSampleSecret("discord", secrets.NewSecret(numeric("18"))),
 	}
 	return validate(r, tps)
 }
@@ -43,14 +44,14 @@ func DiscordClientSecret() *config.Rule {
 	r := config.Rule{
 		Description: "Discord client secret",
 		RuleID:      "discord-client-secret",
-		Regex:       generateSemiGenericRegex([]string{"discord"}, extendedAlphaNumeric32),
+		Regex:       generateSemiGenericRegex([]string{"discord"}, alphaNumericExtended("32")),
 		SecretGroup: 1,
 		Keywords:    []string{"discord"},
 	}
 
 	// validate
 	tps := []string{
-		generateSampleSecret("discord", sampleExtendedAlphaNumeric32Token),
+		generateSampleSecret("discord", secrets.NewSecret(numeric("32"))),
 	}
 	return validate(r, tps)
 }

cmd/generate/config/rules/doppler.go

@@ -3,6 +3,7 @@ package rules
 import (
 	"regexp"
 
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
 )
 
@@ -17,7 +18,7 @@ func Doppler() *config.Rule {
 
 	// validate
 	tps := []string{
-		generateSampleSecret("doppler", "dp.pt."+sampleAlphaNumeric43Token),
+		generateSampleSecret("doppler", "dp.pt."+secrets.NewSecret(alphaNumeric("43"))),
 	}
 	return validate(r, tps)
 }

cmd/generate/config/rules/dropbox.go

@@ -1,6 +1,7 @@
 package rules
 
 import (
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
 )
 
@@ -9,14 +10,14 @@ func DropBoxAPISecret() *config.Rule {
 	r := config.Rule{
 		Description: "Dropbox API secret",
 		RuleID:      "doppler-api-token",
-		Regex:       generateSemiGenericRegex([]string{"dropbox"}, alphaNumeric15),
+		Regex:       generateSemiGenericRegex([]string{"dropbox"}, alphaNumeric("15")),
 		SecretGroup: 1,
 		Keywords:    []string{"dropbox"},
 	}
 
 	// validate
 	tps := []string{
-		generateSampleSecret("dropbox", sampleAlphaNumeric15Token),
+		generateSampleSecret("dropbox", secrets.NewSecret(alphaNumeric("15"))),
 	}
 	return validate(r, tps)
 }

cmd/generate/config/rules/duffel.go

@@ -3,6 +3,7 @@ package rules
 import (
 	"regexp"
 
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
 )
 
@@ -17,7 +18,7 @@ func Duffel() *config.Rule {
 
 	// validate
 	tps := []string{
-		generateSampleSecret("duffel", "duffel_test_"+sampleExtendedAlphaNumeric43Token),
+		generateSampleSecret("duffel", "duffel_test_"+secrets.NewSecret(alphaNumericExtended("43"))),
 	}
 	return validate(r, tps)
 }

cmd/generate/config/rules/dynatrace.go

@@ -3,6 +3,7 @@ package rules
 import (
 	"regexp"
 
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
 )
 
@@ -17,7 +18,7 @@ func Dynatrace() *config.Rule {
 
 	// validate
 	tps := []string{
-		generateSampleSecret("dynatrace", "dt0c01."+sampleAlphaNumeric24Token+"."+sampleAlphaNumeric64Token),
+		generateSampleSecret("dynatrace", "dt0c01."+secrets.NewSecret(alphaNumeric("24"))+"."+secrets.NewSecret(alphaNumeric("64"))),
 	}
 	return validate(r, tps)
 }

cmd/generate/config/rules/easypost.go

@@ -3,6 +3,7 @@ package rules
 import (
 	"regexp"
 
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
 )
 
@@ -17,7 +18,7 @@ func EasyPost() *config.Rule {
 
 	// validate
 	tps := []string{
-		generateSampleSecret("EZAK", "EZAK"+sampleAlphaNumeric54Token),
+		generateSampleSecret("EZAK", "EZAK"+secrets.NewSecret(alphaNumeric("54"))),
 	}
 	return validate(r, tps)
 }
@@ -33,7 +34,7 @@ func EasyPostTestAPI() *config.Rule {
 
 	// validate
 	tps := []string{
-		generateSampleSecret("EZTK", "EZTK"+sampleAlphaNumeric54Token),
+		generateSampleSecret("EZTK", "EZTK"+secrets.NewSecret(alphaNumeric("54"))),
 	}
 	return validate(r, tps)
 }

cmd/generate/config/rules/facebook.go

@@ -1,6 +1,7 @@
 package rules
 
 import (
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
 )
 
@@ -9,13 +10,14 @@ func Facebook() *config.Rule {
 	r := config.Rule{
 		Description: "facebook",
 		RuleID:      "facebook",
-		Regex: generateSemiGenericRegex([]string{"facebook"},
-			hex32),
+		Regex:       generateSemiGenericRegex([]string{"facebook"}, hex("32")),
 		SecretGroup: 1,
 		Keywords:    []string{"facebook"},
 	}
 
 	// validate
-	tps := []string{"facebookToken := \"" + sampleHex32Token + "\""}
+	tps := []string{
+		generateSampleSecret("facebook", secrets.NewSecret(hex("32"))),
+	}
 	return validate(r, tps)
 }

cmd/generate/config/rules/fastly.go

@@ -1,6 +1,7 @@
 package rules
 
 import (
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
 )
 
@@ -9,14 +10,14 @@ func FastlyAPIToken() *config.Rule {
 	r := config.Rule{
 		Description: "Fastly API key",
 		RuleID:      "fastly-api-token",
-		Regex:       generateSemiGenericRegex([]string{"fastly"}, extendedAlphaNumeric32),
+		Regex:       generateSemiGenericRegex([]string{"fastly"}, alphaNumericExtended("32")),
 		SecretGroup: 1,
 		Keywords:    []string{"fastly"},
 	}
 
 	// validate
 	tps := []string{
-		generateSampleSecret("fastly", sampleExtendedAlphaNumeric32Token),
+		generateSampleSecret("fastly", secrets.NewSecret(alphaNumericExtended("32"))),
 	}
 	return validate(r, tps)
 }

cmd/generate/config/rules/finicity.go

@@ -1,10 +1,8 @@
 package rules
 
 import (
-	"github.com/rs/zerolog/log"
-
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
-	"github.com/zricethezav/gitleaks/v8/detect"
 )
 
 func FinicityClientSecret() *config.Rule {
@@ -12,24 +10,16 @@ func FinicityClientSecret() *config.Rule {
 	r := config.Rule{
 		Description: "Finicity Client Secret",
 		RuleID:      "finicity-client-secret",
-		Regex:       generateSemiGenericRegex([]string{"finicity"}, alphaNumeric20),
+		Regex:       generateSemiGenericRegex([]string{"finicity"}, alphaNumeric("20")),
 		SecretGroup: 1,
 		Keywords:    []string{"finicity"},
 	}
 
 	// validate
 	tps := []string{
-		generateSampleSecret("finicity", sampleAlphaNumeric20Token),
-	}
-	d := detect.NewDetector(config.Config{
-		Rules: []*config.Rule{&r},
-	})
-	for _, tp := range tps {
-		if len(d.DetectString(tp)) != 1 {
-			log.Fatal().Msg("Failed to validate finicity-client-secret")
-		}
+		generateSampleSecret("finicity", secrets.NewSecret(alphaNumeric("20"))),
 	}
-	return &r
+	return validate(r, tps)
 }
 
 func FinicityAPIToken() *config.Rule {
@@ -37,14 +27,14 @@ func FinicityAPIToken() *config.Rule {
 	r := config.Rule{
 		Description: "Finicity API token",
 		RuleID:      "finicity-api-token",
-		Regex:       generateSemiGenericRegex([]string{"finicity"}, hex32),
+		Regex:       generateSemiGenericRegex([]string{"finicity"}, hex("32")),
 		SecretGroup: 1,
 		Keywords:    []string{"finicity"},
 	}
 
 	// validate
 	tps := []string{
-		generateSampleSecret("finicity", sampleHex32Token),
+		generateSampleSecret("finicity", secrets.NewSecret(hex("32"))),
 	}
 	return validate(r, tps)
 }

cmd/generate/config/rules/flutterwave.go

@@ -3,6 +3,7 @@ package rules
 import (
 	"regexp"
 
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
 )
 
@@ -17,7 +18,7 @@ func FlutterwavePublicKey() *config.Rule {
 
 	// validate
 	tps := []string{
-		generateSampleSecret("flutterwavePubKey", "FLWPUBK_TEST-"+sampleHex32Token+"-X"),
+		generateSampleSecret("flutterwavePubKey", "FLWPUBK_TEST-"+secrets.NewSecret(hex("32"))+"-X"),
 	}
 	return validate(r, tps)
 }
@@ -33,7 +34,7 @@ func FlutterwaveSecretKey() *config.Rule {
 
 	// validate
 	tps := []string{
-		generateSampleSecret("flutterwavePubKey", "FLWSECK_TEST-"+sampleHex32Token+"-X"),
+		generateSampleSecret("flutterwavePubKey", "FLWSECK_TEST-"+secrets.NewSecret(hex("32"))+"-X"),
 	}
 	return validate(r, tps)
 }
@@ -49,7 +50,7 @@ func FlutterwaveEncKey() *config.Rule {
 
 	// validate
 	tps := []string{
-		generateSampleSecret("flutterwavePubKey", "FLWSECK_TEST-"+sampleHex12Token),
+		generateSampleSecret("flutterwavePubKey", "FLWSECK_TEST-"+secrets.NewSecret(hex("12"))),
 	}
 	return validate(r, tps)
 }

cmd/generate/config/rules/frameio.go

@@ -3,6 +3,7 @@ package rules
 import (
 	"regexp"
 
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
 )
 
@@ -17,7 +18,7 @@ func FrameIO() *config.Rule {
 
 	// validate
 	tps := []string{
-		generateSampleSecret("frameio", "fio-u-"+sampleExtendedAlphaNumeric64Token),
+		generateSampleSecret("frameio", "fio-u-"+secrets.NewSecret(alphaNumericExtended("64"))),
 	}
 	return validate(r, tps)
 }

cmd/generate/config/rules/generic.go

@@ -35,7 +35,8 @@ func GenericCredential() *config.Rule {
 
 	// validate
 	tps := []string{
-		generateSampleSecret("generic", "8dyfuiRyq=vVc3RRr_edRk-fK__JItpZ"),
+		generateSampleSecret("generic", "CLOJARS_34bf0e88955ff5a1c328d6a7491acc4f48e865a7b8dd4d70a70749037443"),
+		generateSampleSecret("generic", "Zf3D0LXCM3EIMbgJpUNnkRtOfOueHznB"),
 	}
 	return validate(r, tps)
 }

cmd/generate/config/rules/github.go

@@ -3,6 +3,7 @@ package rules
 import (
 	"regexp"
 
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
 )
 
@@ -16,7 +17,9 @@ func GitHubPat() *config.Rule {
 	}
 
 	// validate
-	tps := []string{"gihubPAT := \"ghp_" + sampleAlphaNumeric36Token + "\""}
+	tps := []string{
+		generateSampleSecret("github", "ghp_"+secrets.NewSecret(alphaNumeric("36"))),
+	}
 	return validate(r, tps)
 }
 
@@ -30,7 +33,9 @@ func GitHubOauth() *config.Rule {
 	}
 
 	// validate
-	tps := []string{"gihubAuth := \"gho_" + sampleAlphaNumeric36Token + "\""}
+	tps := []string{
+		generateSampleSecret("github", "gho_"+secrets.NewSecret(alphaNumeric("36"))),
+	}
 	return validate(r, tps)
 }
 
@@ -44,7 +49,10 @@ func GitHubApp() *config.Rule {
 	}
 
 	// validate
-	tps := []string{"gihubAuth := \"ghs_" + sampleAlphaNumeric36Token + "\""}
+	tps := []string{
+		generateSampleSecret("github", "ghu_"+secrets.NewSecret(alphaNumeric("36"))),
+		generateSampleSecret("github", "ghs_"+secrets.NewSecret(alphaNumeric("36"))),
+	}
 	return validate(r, tps)
 }
 
@@ -58,6 +66,8 @@ func GitHubRefresh() *config.Rule {
 	}
 
 	// validate
-	tps := []string{"gihubAuth := \"ghr_" + sampleAlphaNumeric36Token + "\""}
+	tps := []string{
+		generateSampleSecret("github", "ghr_"+secrets.NewSecret(alphaNumeric("36"))),
+	}
 	return validate(r, tps)
 }

cmd/generate/config/rules/gitlab.go

@@ -3,6 +3,7 @@ package rules
 import (
 	"regexp"
 
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
 )
 
@@ -16,6 +17,8 @@ func Gitlab() *config.Rule {
 	}
 
 	// validate
-	tps := []string{"gitlabPAT := \"glpat-" + sampleAlphaNumeric20Token + "\""}
+	tps := []string{
+		generateSampleSecret("gitlab", "glpat-"+secrets.NewSecret(alphaNumeric("20"))),
+	}
 	return validate(r, tps)
 }

cmd/generate/config/rules/gocardless.go

@@ -1,6 +1,7 @@
 package rules
 
 import (
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
 )
 
@@ -18,7 +19,7 @@ func GoCardless() *config.Rule {
 
 	// validate
 	tps := []string{
-		generateSampleSecret("gocardless", "live_"+sampleExtendedAlphaNumeric40Token),
+		generateSampleSecret("gocardless", "live_"+secrets.NewSecret(alphaNumericExtended("40"))),
 	}
 	return validate(r, tps)
 }

cmd/generate/config/rules/hashicorp.go

@@ -3,6 +3,7 @@ package rules
 import (
 	"regexp"
 
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
 )
 
@@ -17,7 +18,7 @@ func Hashicorp() *config.Rule {
 
 	// validate
 	tps := []string{
-		generateSampleSecret("hashicorpToken", sampleHex14Token+".atlasv1."+sampleExtendedAlphaNumeric64Token),
+		generateSampleSecret("hashicorpToken", secrets.NewSecret(hex("14"))+".atlasv1."+secrets.NewSecret(alphaNumericExtended("60,70"))),
 	}
 	return validate(r, tps)
 }

cmd/generate/config/rules/intercom.go

@@ -1,6 +1,7 @@
 package rules
 
 import (
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
 )
 
@@ -9,14 +10,14 @@ func Intercom() *config.Rule {
 	r := config.Rule{
 		Description: "Intercom API Token",
 		RuleID:      "intercom-api-key",
-		Regex:       generateSemiGenericRegex([]string{"intercom"}, extendedAlphaNumeric60),
+		Regex:       generateSemiGenericRegex([]string{"intercom"}, alphaNumericExtended("60")),
 		SecretGroup: 1,
 		Keywords:    []string{"intercom"},
 	}
 
 	// validate
 	tps := []string{
-		generateSampleSecret("intercom", sampleExtendedAlphaNumeric60Token),
+		generateSampleSecret("intercom", secrets.NewSecret(alphaNumericExtended("60"))),
 	}
 	return validate(r, tps)
 }

cmd/generate/config/rules/linear.go

@@ -3,6 +3,7 @@ package rules
 import (
 	"regexp"
 
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
 )
 
@@ -17,7 +18,7 @@ func LinearAPIToken() *config.Rule {
 
 	// validate
 	tps := []string{
-		generateSampleSecret("linear", "lin_api_"+sampleAlphaNumeric40Token),
+		generateSampleSecret("linear", "lin_api_"+secrets.NewSecret(alphaNumeric("40"))),
 	}
 	return validate(r, tps)
 }
@@ -27,13 +28,13 @@ func LinearClientSecret() *config.Rule {
 	r := config.Rule{
 		Description: "Linear Client Secret",
 		RuleID:      "linear-client-secret",
-		Regex:       generateSemiGenericRegex([]string{"linear"}, hex32),
+		Regex:       generateSemiGenericRegex([]string{"linear"}, hex("32")),
 		Keywords:    []string{"linear"},
 	}
 
 	// validate
 	tps := []string{
-		generateSampleSecret("linear", sampleHex32Token),
+		generateSampleSecret("linear", secrets.NewSecret(hex("32"))),
 	}
 	return validate(r, tps)
 }

cmd/generate/config/rules/linkedin.go

@@ -1,6 +1,7 @@
 package rules
 
 import (
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
 )
 
@@ -12,7 +13,7 @@ func LinkedinClientSecret() *config.Rule {
 		Regex: generateSemiGenericRegex([]string{
 			"linkedin",
 			"linked-in",
-		}, alphaNumeric16),
+		}, alphaNumeric("16")),
 		SecretGroup: 1,
 		Keywords: []string{
 			"linkedin",
@@ -22,7 +23,7 @@ func LinkedinClientSecret() *config.Rule {
 
 	// validate
 	tps := []string{
-		generateSampleSecret("linkedin", sampleAlphaNumeric16Token),
+		generateSampleSecret("linkedin", secrets.NewSecret(alphaNumeric("16"))),
 	}
 	return validate(r, tps)
 }
@@ -35,7 +36,7 @@ func LinkedinClientID() *config.Rule {
 		Regex: generateSemiGenericRegex([]string{
 			"linkedin",
 			"linked-in",
-		}, alphaNumeric14),
+		}, alphaNumeric("14")),
 		SecretGroup: 1,
 		Keywords: []string{
 			"linkedin",
@@ -45,7 +46,7 @@ func LinkedinClientID() *config.Rule {
 
 	// validate
 	tps := []string{
-		generateSampleSecret("linkedin", sampleAlphaNumeric14Token),
+		generateSampleSecret("linkedin", secrets.NewSecret(alphaNumeric("14"))),
 	}
 	return validate(r, tps)
 }

cmd/generate/config/rules/lob.go

@@ -1,6 +1,7 @@
 package rules
 
 import (
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
 )
 
@@ -19,7 +20,7 @@ func LobPubAPIToken() *config.Rule {
 
 	// validate
 	tps := []string{
-		generateSampleSecret("lob", "test_pub_"+sampleHex31Token),
+		generateSampleSecret("lob", "test_pub_"+secrets.NewSecret(hex("31"))),
 	}
 	return validate(r, tps)
 }
@@ -38,7 +39,7 @@ func LobAPIToken() *config.Rule {
 
 	// validate
 	tps := []string{
-		generateSampleSecret("lob", "test_"+sampleHex35Token),
+		generateSampleSecret("lob", "test_"+secrets.NewSecret(hex("35"))),
 	}
 	return validate(r, tps)
 }

cmd/generate/config/rules/mailchimp.go

@@ -1,6 +1,7 @@
 package rules
 
 import (
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
 )
 
@@ -18,7 +19,7 @@ func MailChimp() *config.Rule {
 
 	// validate
 	tps := []string{
-		generateSampleSecret("mailchimp", sampleHex32Token+"-us20"),
+		generateSampleSecret("mailchimp", secrets.NewSecret(hex("32"))+"-us20"),
 	}
 	return validate(r, tps)
 }

cmd/generate/config/rules/mailgun.go

@@ -1,10 +1,8 @@
 package rules
 
 import (
-	"github.com/rs/zerolog/log"
-
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
-	"github.com/zricethezav/gitleaks/v8/detect"
 )
 
 func MailGunPrivateAPIToken() *config.Rule {
@@ -21,17 +19,9 @@ func MailGunPrivateAPIToken() *config.Rule {
 
 	// validate
 	tps := []string{
-		generateSampleSecret("mailgun", "key-"+sampleHex32Token),
-	}
-	d := detect.NewDetector(config.Config{
-		Rules: []*config.Rule{&r},
-	})
-	for _, tp := range tps {
-		if len(d.DetectString(tp)) != 1 {
-			log.Fatal().Msg("Failed to validate mailgun-private-api-token")
-		}
+		generateSampleSecret("mailgun", "key-"+secrets.NewSecret(hex("32"))),
 	}
-	return &r
+	return validate(r, tps)
 }
 
 func MailGunPubAPIToken() *config.Rule {
@@ -48,17 +38,9 @@ func MailGunPubAPIToken() *config.Rule {
 
 	// validate
 	tps := []string{
-		generateSampleSecret("mailgun", "pubkey-"+sampleHex32Token),
+		generateSampleSecret("mailgun", "pubkey-"+secrets.NewSecret(hex("32"))),
 	}
-	d := detect.NewDetector(config.Config{
-		Rules: []*config.Rule{&r},
-	})
-	for _, tp := range tps {
-		if len(d.DetectString(tp)) != 1 {
-			log.Fatal().Msg("Failed to validate mailgun-pub-key")
-		}
-	}
-	return &r
+	return validate(r, tps)
 }
 
 func MailGunSigningKey() *config.Rule {
@@ -75,7 +57,7 @@ func MailGunSigningKey() *config.Rule {
 
 	// validate
 	tps := []string{
-		generateSampleSecret("mailgun", sampleHex32Token+"-00001111-22223333"),
+		generateSampleSecret("mailgun", secrets.NewSecret(hex("32"))+"-00001111-22223333"),
 	}
 	return validate(r, tps)
 }

cmd/generate/config/rules/mapbox.go

@@ -1,6 +1,7 @@
 package rules
 
 import (
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
 )
 
@@ -16,7 +17,7 @@ func MapBox() *config.Rule {
 
 	// validate
 	tps := []string{
-		generateSampleSecret("mapbox", "pk."+sampleAlphaNumeric60Token+"."+sampleAlphaNumeric22Token),
+		generateSampleSecret("mapbox", "pk."+secrets.NewSecret(alphaNumeric("60"))+"."+secrets.NewSecret(alphaNumeric("22"))),
 	}
 	return validate(r, tps)
 }

cmd/generate/config/rules/messagebird.go

@@ -1,6 +1,7 @@
 package rules
 
 import (
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
 )
 
@@ -13,7 +14,7 @@ func MessageBirdAPIToken() *config.Rule {
 			"messagebird",
 			"message-bird",
 			"message_bird",
-		}, alphaNumeric25),
+		}, alphaNumeric("25")),
 		SecretGroup: 1,
 		Keywords: []string{
 			"messagebird",
@@ -24,9 +25,9 @@ func MessageBirdAPIToken() *config.Rule {
 
 	// validate
 	tps := []string{
-		generateSampleSecret("messagebird", sampleAlphaNumeric25Token),
-		generateSampleSecret("message-bird", sampleAlphaNumeric25Token),
-		generateSampleSecret("message_bird", sampleAlphaNumeric25Token),
+		generateSampleSecret("messagebird", secrets.NewSecret(alphaNumeric("25"))),
+		generateSampleSecret("message-bird", secrets.NewSecret(alphaNumeric("25"))),
+		generateSampleSecret("message_bird", secrets.NewSecret(alphaNumeric("25"))),
 	}
 	return validate(r, tps)
 }

cmd/generate/config/rules/newrelic.go

@@ -1,6 +1,7 @@
 package rules
 
 import (
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
 )
 
@@ -22,7 +23,7 @@ func NewRelicUserID() *config.Rule {
 
 	// validate
 	tps := []string{
-		generateSampleSecret("new-relic", "NRAK-"+sampleAlphaNumeric27Token),
+		generateSampleSecret("new-relic", "NRAK-"+secrets.NewSecret(alphaNumeric("27"))),
 	}
 	return validate(r, tps)
 }
@@ -36,7 +37,7 @@ func NewRelicUserKey() *config.Rule {
 			"new-relic",
 			"newrelic",
 			"new_relic",
-		}, alphaNumeric64),
+		}, alphaNumeric("64")),
 		SecretGroup: 1,
 		Keywords: []string{
 			"new-relic",
@@ -47,7 +48,7 @@ func NewRelicUserKey() *config.Rule {
 
 	// validate
 	tps := []string{
-		generateSampleSecret("new-relic", sampleAlphaNumeric64Token),
+		generateSampleSecret("new-relic", secrets.NewSecret(alphaNumeric("64"))),
 	}
 	return validate(r, tps)
 }
@@ -70,7 +71,7 @@ func NewRelicBrowserAPIKey() *config.Rule {
 
 	// validate
 	tps := []string{
-		generateSampleSecret("new-relic", "NRJS-"+sampleHex19Token),
+		generateSampleSecret("new-relic", "NRJS-"+secrets.NewSecret(hex("19"))),
 	}
 	return validate(r, tps)
 }

cmd/generate/config/rules/npm.go

@@ -1,6 +1,7 @@
 package rules
 
 import (
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
 )
 
@@ -18,7 +19,7 @@ func NPM() *config.Rule {
 
 	// validate
 	tps := []string{
-		generateSampleSecret("npmAccessToken", "npm_"+sampleAlphaNumeric36Token),
+		generateSampleSecret("npmAccessToken", "npm_"+secrets.NewSecret(alphaNumeric("36"))),
 	}
 	return validate(r, tps)
 }

cmd/generate/config/rules/planetscale.go

@@ -1,6 +1,7 @@
 package rules
 
 import (
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
 )
 
@@ -18,7 +19,7 @@ func PlanetScalePassword() *config.Rule {
 
 	// validate
 	tps := []string{
-		generateSampleSecret("planetScalePassword", "pscale_pw_"+sampleExtendedAlphaNumeric43Token),
+		generateSampleSecret("planetScalePassword", "pscale_pw_"+secrets.NewSecret(alphaNumericExtended("43"))),
 	}
 	return validate(r, tps)
 }
@@ -37,7 +38,7 @@ func PlanetScaleToken() *config.Rule {
 
 	// validate
 	tps := []string{
-		generateSampleSecret("planetScalePassword", "pscale_tkn_"+sampleExtendedAlphaNumeric43Token),
+		generateSampleSecret("planetScalePassword", "pscale_tkn_"+secrets.NewSecret(alphaNumericExtended("43"))),
 	}
 	return validate(r, tps)
 }

cmd/generate/config/rules/postman.go

@@ -1,6 +1,7 @@
 package rules
 
 import (
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
 )
 
@@ -18,7 +19,7 @@ func PostManAPI() *config.Rule {
 
 	// validate
 	tps := []string{
-		generateSampleSecret("postmanAPItoken", "PMAK-"+sampleHex24Token+"-"+sampleHex34Token),
+		generateSampleSecret("postmanAPItoken", "PMAK-"+secrets.NewSecret(hex("24"))+"-"+secrets.NewSecret(hex("34"))),
 	}
 	return validate(r, tps)
 }

cmd/generate/config/rules/privatekey.go

@@ -11,7 +11,7 @@ func PrivateKey() *config.Rule {
 	r := config.Rule{
 		Description: "Private Key",
 		RuleID:      "private-key",
-		Regex:       regexp.MustCompile(`(?i)-----\s*?BEGIN[ A-Z0-9_-]*?PRIVATE KEY\s*?-----[\s\S]*?----\s*?END[ A-Z0-9_-]*? PRIVATE KEY\s*?-----`),
+		Regex:       regexp.MustCompile(`(?i)-----BEGIN[ A-Z0-9_-]{0,100}PRIVATE KEY-----[\s\S-]*KEY----`),
 		Keywords:    []string{"-----BEGIN PRIVATE"},
 	}
 

cmd/generate/config/rules/pulumi.go

@@ -1,6 +1,7 @@
 package rules
 
 import (
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
 )
 
@@ -18,7 +19,7 @@ func PulumiAPIToken() *config.Rule {
 
 	// validate
 	tps := []string{
-		generateSampleSecret("pulumi-api-token", "pul-"+sampleHex40Token),
+		generateSampleSecret("pulumi-api-token", "pul-"+secrets.NewSecret(hex("40"))),
 	}
 	return validate(r, tps)
 }

cmd/generate/config/rules/pypi.go

@@ -3,10 +3,8 @@ package rules
 import (
 	"regexp"
 
-	"github.com/rs/zerolog/log"
-
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
-	"github.com/zricethezav/gitleaks/v8/detect"
 )
 
 func PyPiUploadToken() *config.Rule {
@@ -22,15 +20,7 @@ func PyPiUploadToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{"pypiToken := \"pypi-AgEIcHlwaS5vcmc" + sampleHex32Token +
-		sampleHex32Token + "\""}
-	d := detect.NewDetector(config.Config{
-		Rules: []*config.Rule{&r},
-	})
-	for _, tp := range tps {
-		if len(d.DetectString(tp)) != 1 {
-			log.Fatal().Msg("Failed to validate pypi-upload-token")
-		}
-	}
-	return &r
+	tps := []string{"pypiToken := \"pypi-AgEIcHlwaS5vcmc" + secrets.NewSecret(hex("32")) +
+		secrets.NewSecret(hex("32")) + "\""}
+	return validate(r, tps)
 }

cmd/generate/config/rules/rubygems.go

@@ -1,6 +1,7 @@
 package rules
 
 import (
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
 )
 
@@ -18,7 +19,7 @@ func RubyGemsAPIToken() *config.Rule {
 
 	// validate
 	tps := []string{
-		generateSampleSecret("rubygemsAPIToken", "rubygems_"+sampleHex48Token),
+		generateSampleSecret("rubygemsAPIToken", "rubygems_"+secrets.NewSecret(hex("48"))),
 	}
 	return validate(r, tps)
 }

cmd/generate/config/rules/rule.go

@@ -26,72 +26,6 @@ const (
 	secretPrefixUnique = `\b(`
 	secretPrefix       = `(?:'|\"|\s|=|\x60){0,5}(`
 	secretSuffix       = `)['|\"|\n|\r|\s|\x60]`
-
-	// secret regexes
-	hex   = `[a-f0-9]`
-	hex32 = `[a-f0-9]{32}`
-	hex64 = `[a-f0-9]{64}`
-
-	alphaNumeric14 = `[a-z0-9]{14}`
-	alphaNumeric15 = `[a-z0-9]{15}`
-	alphaNumeric16 = `[a-z0-9]{16}`
-	alphaNumeric20 = `[a-z0-9]{20}`
-	alphaNumeric24 = `[a-z0-9]{24}`
-	alphaNumeric25 = `[a-z0-9]{25}`
-	alphaNumeric30 = `[a-z0-9]{30}`
-	alphaNumeric32 = `[a-z0-9]{32}`
-	alphaNumeric64 = `[a-z0-9]{64}`
-
-	numeric16 = `[0-9]{16}`
-	numeric18 = `[0-9]{18}`
-
-	extendedAlphaNumeric32 = `[a-z0-9=_\-]{32}`
-	extendedAlphaNumeric60 = `[a-z0-9_\-]{60}`
-	extendedAlphaNumeric64 = `[a-z0-9_\-]{64}`
-
-	// token examples
-	sampleHex12Token = `b0549eee7368`                                                     // gitleaks:allow
-	sampleHex14Token = `b0549eee7368aa`                                                   // gitleaks:allow
-	sampleHex16Token = `bbb0549eee7368aa`                                                 // gitleaks:allow
-	sampleHex19Token = `d0e94828b0549eee736`                                              // gitleaks:allow
-	sampleHex20Token = `d0e94828b0549eee7368`                                             // gitleaks:allow
-	sampleHex24Token = `d0e94828b0549eee73688888`                                         // gitleaks:allow
-	sampleHex31Token = `d0e94828b0549eee7368e53f6cb41d1`                                  // gitleaks:allow
-	sampleHex32Token = `d0e94828b0549eee7368e53f6cb41d17`                                 // gitleaks:allow
-	sampleHex34Token = `d0e94828b0549eee7368e53f6cb41d17aa`                               // gitleaks:allow
-	sampleHex35Token = `d0e94828b0549eee7368e53f6cb41d17aaa`                              // gitleaks:allow
-	sampleHex40Token = `aaaaad0e94828b0549eee7368e53f6cb41d17aaa`                         // gitleaks:allow
-	sampleHex48Token = `aaaaaaaaaaaaad0e94828b0549eee7368e53f6cb41d17aaa`                 // gitleaks:allow
-	sampleHex64Token = `d0e94828b0549eee7368e53f6cb41d17d0e94828b0549eee7368e53f6cb41d17` // gitleaks:allow
-
-	sampleAlphaNumeric14Token = `00000AAAAAbbbb`
-	sampleAlphaNumeric15Token = `00000AAAAAbbbbb`
-	sampleAlphaNumeric16Token = `00000AAAAAbbbbbb`
-	sampleAlphaNumeric20Token = `00000AAAAAbbbbb99999`
-	sampleAlphaNumeric22Token = `00000AAAAAbbbbb99999qq`
-	sampleAlphaNumeric24Token = `00000AAAAAbbbbb99999qqqq`
-	sampleAlphaNumeric25Token = `00000AAAAAbbbbb99999qqqqq`
-	sampleAlphaNumeric27Token = `00000AAAAAbbbbb99999qqqqqqq`
-	sampleAlphaNumeric30Token = `00000AAAAAbbbbb99999aaaaalllll`
-	sampleAlphaNumeric32Token = `00000AAAAAbbbbb99999aaaaalllllzz`
-	sampleAlphaNumeric36Token = `00000AAAAAbbbbb9999900000AAAAAbbbbb9`
-	sampleAlphaNumeric40Token = `000000000AAAAAbbbbb9999900000AAAAAbbbbb9`
-	sampleAlphaNumeric43Token = `00000AAAAAbbbbb99999aaaaallllpppeqaaaa00000`
-	sampleAlphaNumeric54Token = `00000AAAAAbbbbb99999aaaaallllpppeqaaaa00000ttttttttttt`
-	sampleAlphaNumeric64Token = `00000AAAAAbbbbb99999aaaaalllllzz00000AAAAAbbbbb99999aaaaalllllll`
-
-	sampleNumeric16 = `1111222233334444`
-	sampleNumeric18 = `111122223333444422`
-
-	sampleExtendedAlphaNumeric64Token = `00000AAAAAbbbbb99999aaaaalllllzz00000AAAAAbbbbb99999aaaaalllll_-`
-	sampleExtendedAlphaNumeric66Token = `0000000AAAAAbbbbb99999aaaaalllllzz00000AAAAAbbbbb99999aaaaalllll_-`
-	sampleExtendedAlphaNumeric59Token = `AAAAAbbbbb99999aaaaalllllzz00000AAAAAbbbbb99999aaaaalllll_-`
-	sampleExtendedAlphaNumeric60Token = `AAAAAAbbbbb99999aaaaalllllzz00000AAAAAbbbbb99999aaaaalllll_-`
-	sampleExtendedAlphaNumeric40Token = `00AAAAAbbbbb99999aaaaallll_--eq-=aa00000`
-	sampleExtendedAlphaNumeric43Token = `00000AAAAAbbbbb99999aaaaallll_--eq-=aa00000`
-	sampleExtendedAlphaNumeric32Token = `00000AAAAAbbbbb99999aaaaalllll=_`
-	sampleExtendedAlphaNumeric20Token = `bbb99999aaaaalllll=_`
-	sampleAlphaNumeric60Token         = `00000AAAAAbbbbb99999aaaaalllllzz00000AAAAAbbbbb99999aaaaalll`
 )
 
 func generateSemiGenericRegex(identifiers []string, secretRegex string) *regexp.Regexp {
@@ -121,8 +55,16 @@ func generateSampleSecret(identifier string, secret string) string {
 }
 
 func validate(r config.Rule, truePositives []string) *config.Rule {
+	// normalize keywords like in the config package
+	var keywords []string
+	for _, k := range r.Keywords {
+		keywords = append(keywords, strings.ToLower(k))
+	}
+	r.Keywords = keywords
+
 	d := detect.NewDetector(config.Config{
-		Rules: []*config.Rule{&r},
+		Rules:    []*config.Rule{&r},
+		Keywords: keywords,
 	})
 	for _, tp := range truePositives {
 		if len(d.DetectString(tp)) != 1 {
@@ -131,3 +73,19 @@ func validate(r config.Rule, truePositives []string) *config.Rule {
 	}
 	return &r
 }
+
+func numeric(size string) string {
+	return fmt.Sprintf(`[0-9]{%s}`, size)
+}
+
+func hex(size string) string {
+	return fmt.Sprintf(`[a-f0-9]{%s}`, size)
+}
+
+func alphaNumeric(size string) string {
+	return fmt.Sprintf(`[a-z0-9]{%s}`, size)
+}
+
+func alphaNumericExtended(size string) string {
+	return fmt.Sprintf(`[a-z0-9=_\-]{%s}`, size)
+}

cmd/generate/config/rules/sendgrid.go

@@ -1,6 +1,7 @@
 package rules
 
 import (
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
 )
 
@@ -18,7 +19,7 @@ func SendGridAPIToken() *config.Rule {
 
 	// validate
 	tps := []string{
-		generateSampleSecret("sengridAPIToken", "SG."+sampleExtendedAlphaNumeric66Token),
+		generateSampleSecret("sengridAPIToken", "SG."+secrets.NewSecret(alphaNumericExtended("66"))),
 	}
 	return validate(r, tps)
 }

cmd/generate/config/rules/sendinblue.go

@@ -1,6 +1,7 @@
 package rules
 
 import (
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
 )
 
@@ -18,7 +19,7 @@ func SendInBlueAPIToken() *config.Rule {
 
 	// validate
 	tps := []string{
-		generateSampleSecret("sendinblue", "xkeysib-"+sampleHex64Token+"-"+sampleHex16Token),
+		generateSampleSecret("sendinblue", "xkeysib-"+secrets.NewSecret(hex("64"))+"-"+secrets.NewSecret(alphaNumeric("16"))),
 	}
 	return validate(r, tps)
 }

cmd/generate/config/rules/shippo.go

@@ -1,6 +1,7 @@
 package rules
 
 import (
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
 )
 
@@ -18,8 +19,8 @@ func ShippoAPIToken() *config.Rule {
 
 	// validate
 	tps := []string{
-		generateSampleSecret("shippo", "shippo_live_"+sampleHex40Token),
-		generateSampleSecret("shippo", "shippo_test_"+sampleHex40Token),
+		generateSampleSecret("shippo", "shippo_live_"+secrets.NewSecret(hex("40"))),
+		generateSampleSecret("shippo", "shippo_test_"+secrets.NewSecret(hex("40"))),
 	}
 	return validate(r, tps)
 }

cmd/generate/config/rules/shopify.go

@@ -3,10 +3,8 @@ package rules
 import (
 	"regexp"
 
-	"github.com/rs/zerolog/log"
-
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
-	"github.com/zricethezav/gitleaks/v8/detect"
 )
 
 func ShopifySharedSecret() *config.Rule {
@@ -19,16 +17,8 @@ func ShopifySharedSecret() *config.Rule {
 	}
 
 	// validate
-	tps := []string{"shopifySecret := \"shpss_" + sampleHex32Token + "\""}
-	d := detect.NewDetector(config.Config{
-		Rules: []*config.Rule{&r},
-	})
-	for _, tp := range tps {
-		if len(d.DetectString(tp)) != 1 {
-			log.Fatal().Msg("Failed to validate shopify-shared-secret")
-		}
-	}
-	return &r
+	tps := []string{"shopifySecret := \"shpss_" + secrets.NewSecret(hex("32")) + "\""}
+	return validate(r, tps)
 }
 
 func ShopifyAccessToken() *config.Rule {
@@ -41,16 +31,8 @@ func ShopifyAccessToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{"shopifyToken := \"shpat_" + sampleHex32Token + "\""}
-	d := detect.NewDetector(config.Config{
-		Rules: []*config.Rule{&r},
-	})
-	for _, tp := range tps {
-		if len(d.DetectString(tp)) != 1 {
-			log.Fatal().Msg("Failed to validate shopify-access-token")
-		}
-	}
-	return &r
+	tps := []string{"shopifyToken := \"shpat_" + secrets.NewSecret(hex("32")) + "\""}
+	return validate(r, tps)
 }
 
 func ShopifyCustomAccessToken() *config.Rule {
@@ -63,16 +45,8 @@ func ShopifyCustomAccessToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{"shopifyToken := \"shpca_" + sampleHex32Token + "\""}
-	d := detect.NewDetector(config.Config{
-		Rules: []*config.Rule{&r},
-	})
-	for _, tp := range tps {
-		if len(d.DetectString(tp)) != 1 {
-			log.Fatal().Msg("Failed to validate shopify-custom-access-token")
-		}
-	}
-	return &r
+	tps := []string{"shopifyToken := \"shpca_" + secrets.NewSecret(hex("32")) + "\""}
+	return validate(r, tps)
 }
 
 func ShopifyPrivateAppAccessToken() *config.Rule {
@@ -85,14 +59,6 @@ func ShopifyPrivateAppAccessToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{"shopifyToken := \"shppa_" + sampleHex32Token + "\""}
-	d := detect.NewDetector(config.Config{
-		Rules: []*config.Rule{&r},
-	})
-	for _, tp := range tps {
-		if len(d.DetectString(tp)) != 1 {
-			log.Fatal().Msg("Failed to validate shopify-private-app-access-token")
-		}
-	}
-	return &r
+	tps := []string{"shopifyToken := \"shppa_" + secrets.NewSecret(hex("32")) + "\""}
+	return validate(r, tps)
 }

cmd/generate/config/rules/slack.go

@@ -3,6 +3,7 @@ package rules
 import (
 	"regexp"
 
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
 )
 
@@ -24,7 +25,7 @@ func SlackAccessToken() *config.Rule {
 
 	// validate
 	tps := []string{
-		"\"slackToken\": \"xoxb-" + sampleHex32Token + "\"",
+		"\"slackToken\": \"xoxb-" + secrets.NewSecret(alphaNumeric("30")) + "\"",
 	}
 	return validate(r, tps)
 }

cmd/generate/config/rules/stripe.go

@@ -3,10 +3,8 @@ package rules
 import (
 	"regexp"
 
-	"github.com/rs/zerolog/log"
-
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
-	"github.com/zricethezav/gitleaks/v8/detect"
 )
 
 func StripeAccessToken() *config.Rule {
@@ -24,14 +22,6 @@ func StripeAccessToken() *config.Rule {
 	}
 
 	// validate
-	tps := []string{"stripeToken := \"sk_test_" + sampleHex32Token + "\""}
-	d := detect.NewDetector(config.Config{
-		Rules: []*config.Rule{&r},
-	})
-	for _, tp := range tps {
-		if len(d.DetectString(tp)) != 1 {
-			log.Fatal().Msg("Failed to validate stripe-access-token")
-		}
-	}
-	return &r
+	tps := []string{"stripeToken := \"sk_test_" + secrets.NewSecret(alphaNumeric("30")) + "\""}
+	return validate(r, tps)
 }

cmd/generate/config/rules/twilio.go

@@ -3,10 +3,8 @@ package rules
 import (
 	"regexp"
 
-	"github.com/rs/zerolog/log"
-
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
-	"github.com/zricethezav/gitleaks/v8/detect"
 )
 
 func Twilio() *config.Rule {
@@ -20,15 +18,7 @@ func Twilio() *config.Rule {
 
 	// validate
 	tps := []string{
-		"twilioAPIKey := \"SK" + sampleHex32Token + "\"",
-	}
-	d := detect.NewDetector(config.Config{
-		Rules: []*config.Rule{&r},
-	})
-	for _, tp := range tps {
-		if len(d.DetectString(tp)) != 1 {
-			log.Fatal().Msg("Failed to validate twilio")
-		}
+		"twilioAPIKey := \"SK" + secrets.NewSecret(hex("32")) + "\"",
 	}
-	return &r
+	return validate(r, tps)
 }

cmd/generate/config/rules/twitch.go

@@ -1,6 +1,7 @@
 package rules
 
 import (
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
 )
 
@@ -9,7 +10,7 @@ func TwitchAPIToken() *config.Rule {
 	r := config.Rule{
 		RuleID:      "twitch-api-token",
 		Description: "Twitch API token",
-		Regex:       generateSemiGenericRegex([]string{"twitch"}, alphaNumeric30),
+		Regex:       generateSemiGenericRegex([]string{"twitch"}, alphaNumeric("30")),
 		SecretGroup: 1,
 		Keywords: []string{
 			"twitch",
@@ -18,7 +19,7 @@ func TwitchAPIToken() *config.Rule {
 
 	// validate
 	tps := []string{
-		generateSampleSecret("twitch", sampleAlphaNumeric30Token),
+		generateSampleSecret("twitch", secrets.NewSecret(alphaNumeric("30"))),
 	}
 	return validate(r, tps)
 }

cmd/generate/config/rules/twitter.go

@@ -1,10 +1,8 @@
 package rules
 
 import (
-	"github.com/rs/zerolog/log"
-
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
-	"github.com/zricethezav/gitleaks/v8/detect"
 )
 
 func Twitter() *config.Rule {
@@ -12,24 +10,15 @@ func Twitter() *config.Rule {
 	r := config.Rule{
 		Description: "twitter",
 		RuleID:      "twitter",
-		Regex: generateSemiGenericRegex([]string{"twitter"},
-			hex+"{35,44}"),
+		Regex:       generateSemiGenericRegex([]string{"twitter"}, hex("35,44")),
 		SecretGroup: 1,
 		Keywords:    []string{"twitter"},
 	}
 
 	// validate
 	tps := []string{
-		"twitterToken := \"" + sampleHex32Token + "aaaa\"",
-		"twitterToken := `" + sampleHex32Token + "aaaa`",
-	}
-	d := detect.NewDetector(config.Config{
-		Rules: []*config.Rule{&r},
-	})
-	for _, tp := range tps {
-		if len(d.DetectString(tp)) != 1 {
-			log.Fatal().Msg("Failed to validate twitter")
-		}
+		"twitterToken := \"" + secrets.NewSecret(hex("36")) + "aaaa\"",
+		"twitterToken := `" + secrets.NewSecret(hex("36")) + "aaaa`",
 	}
-	return &r
+	return validate(r, tps)
 }

cmd/generate/config/rules/typeform.go

@@ -1,6 +1,7 @@
 package rules
 
 import (
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
 )
 
@@ -19,7 +20,7 @@ func Typeform() *config.Rule {
 
 	// validate
 	tps := []string{
-		generateSampleSecret("typeformAPIToken", "tfp_"+sampleExtendedAlphaNumeric59Token),
+		generateSampleSecret("typeformAPIToken", "tfp_"+secrets.NewSecret(alphaNumericExtended("59"))),
 	}
 	return validate(r, tps)
 }

cmd/generate/secrets/regen.go

@@ -0,0 +1,15 @@
+// Package reggen generates text based on regex definitions
+// This is a slightly altered version of https://github.com/lucasjones/reggen
+package secrets
+
+import (
+	"github.com/lucasjones/reggen"
+)
+
+func NewSecret(regex string) string {
+	g, err := reggen.NewGenerator(regex)
+	if err != nil {
+		panic(err)
+	}
+	return g.Generate(1)
+}

config/gitleaks.toml

@@ -1,3 +1,7 @@
+# This is the default gitleaks configuration file.
+# Rules and allowlists are defined within this file.
+# Rules instruct gitleaks on what should be considered a secret.
+# Allowlists instruct gitleaks on what is allowed, i.e. not a secret.
 title = "gitleaks config"
 
 [allowlist]
@@ -13,14 +17,6 @@ paths = [
     '''(go.mod|go.sum)$'''
 ]
 
-[[rules]]
-description = "Age secret key"
-id = "age secret key"
-regex = '''AGE-SECRET-KEY-1[QPZRY9X8GF2TVDW0S3JN54KHCE6MUA7L]{58}'''
-keywords = [
-    "AGE-SECRET-KEY-1",
-]
-
 [[rules]]
 description = "Adobe Client ID (Oauth Web)"
 id = "adobe-client-id"
@@ -33,17 +29,25 @@ keywords = [
 [[rules]]
 description = "Adobe Client Secret"
 id = "adobe-client-secret"
-regex = '''(p8e-)(?i)[a-z0-9]{32}'''
+regex = '''(?i)\b((p8e-)(?i)[a-z0-9]{32})['|\"|\n|\r|\s|\x60]'''
 keywords = [
     "p8e-",
 ]
 
+[[rules]]
+description = "Age secret key"
+id = "age secret key"
+regex = '''AGE-SECRET-KEY-1[QPZRY9X8GF2TVDW0S3JN54KHCE6MUA7L]{58}'''
+keywords = [
+    "age-secret-key-1",
+]
+
 [[rules]]
 description = "Alibaba AccessKey ID"
 id = "alibaba-access-key-id"
-regex = '''(LTAI)(?i)[a-z0-9]{20}'''
+regex = '''(?i)\b((LTAI)(?i)[a-z0-9]{20})['|\"|\n|\r|\s|\x60]'''
 keywords = [
-    "LTAI",
+    "ltai",
 ]
 
 [[rules]]
@@ -75,10 +79,10 @@ keywords = [
 [[rules]]
 description = "Atlassian API token"
 id = "atlassian-api-token"
-regex = '''(?i)(?:atlassian)(?:[0-9a-z\-_\s.]{0,20})(?:'|"){0,1}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{24})['|\"|\n|\r|\s|\x60]'''
+regex = '''(?i)(?:atlassian|confluence)(?:[0-9a-z\-_\s.]{0,20})(?:'|"){0,1}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{24})['|\"|\n|\r|\s|\x60]'''
 secretGroup = 1
 keywords = [
-    "atlassian",
+    "atlassian","confluence",
 ]
 
 [[rules]]
@@ -86,7 +90,7 @@ description = "AWS"
 id = "aws-access-token"
 regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
 keywords = [
-    "AKIA","AGPA","AIDA","AROA","AIPA","ANPA","ANVA","ASIA",
+    "akia","agpa","aida","aroa","aipa","anpa","anva","asia",
 ]
 
 [[rules]]
@@ -101,7 +105,7 @@ keywords = [
 [[rules]]
 description = "BitBucket Client Secret"
 id = "bitbucket-client-secret"
-regex = '''(?i)(?:bitbucket)(?:[0-9a-z\-_\s.]{0,20})(?:'|"){0,1}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_\-]{64})['|\"|\n|\r|\s|\x60]'''
+regex = '''(?i)(?:bitbucket)(?:[0-9a-z\-_\s.]{0,20})(?:'|"){0,1}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{64})['|\"|\n|\r|\s|\x60]'''
 secretGroup = 1
 keywords = [
     "bitbucket",
@@ -119,7 +123,7 @@ keywords = [
 [[rules]]
 description = "Clojars API token"
 id = "clojars-api-token"
-regex = '''(CLOJARS_)(?i)[a-z0-9]{60}'''
+regex = '''(?i)(CLOJARS_)[a-z0-9]{60}'''
 keywords = [
     "clojars",
 ]
@@ -127,7 +131,7 @@ keywords = [
 [[rules]]
 description = "Contentful delivery API token"
 id = "contentful-delivery-api-token"
-regex = '''(?i)(?:contentful)(?:[0-9a-z\-_\s.]{0,20})(?:'|"){0,1}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9\-=_]{43})['|\"|\n|\r|\s|\x60]'''
+regex = '''(?i)(?:contentful)(?:[0-9a-z\-_\s.]{0,20})(?:'|"){0,1}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{43})['|\"|\n|\r|\s|\x60]'''
 secretGroup = 1
 keywords = [
     "contentful",
@@ -136,7 +140,7 @@ keywords = [
 [[rules]]
 description = "Databricks API token"
 id = "databricks-api-token"
-regex = '''dapi[a-h0-9]{32}'''
+regex = '''(?i)\b(dapi[a-h0-9]{32})['|\"|\n|\r|\s|\x60]'''
 keywords = [
     "dapi",
 ]
@@ -222,7 +226,7 @@ description = "EasyPost API token"
 id = "easypost-api-token"
 regex = '''EZAK(?i)[a-z0-9]{54}'''
 keywords = [
-    "EZAK",
+    "ezak",
 ]
 
 [[rules]]
@@ -230,7 +234,7 @@ description = "EasyPost test API token"
 id = "easypost-test-api-token"
 regex = '''EZTK(?i)[a-z0-9]{54}'''
 keywords = [
-    "EZTK",
+    "eztk",
 ]
 
 [[rules]]
@@ -274,7 +278,7 @@ description = "Finicity Public Key"
 id = "flutterwave-public-key"
 regex = '''FLWPUBK_TEST-(?i)[a-h0-9]{32}-X'''
 keywords = [
-    "FLWPUBK_TEST",
+    "flwpubk_test",
 ]
 
 [[rules]]
@@ -282,7 +286,7 @@ description = "Finicity Secret Key"
 id = "flutterwave-public-key"
 regex = '''FLWSECK_TEST-(?i)[a-h0-9]{32}-X'''
 keywords = [
-    "FLWSECK_TEST",
+    "flwseck_test",
 ]
 
 [[rules]]
@@ -290,7 +294,7 @@ description = "Finicity Secret Key"
 id = "flutterwave-public-key"
 regex = '''FLWSECK_TEST-(?i)[a-h0-9]{32}-X'''
 keywords = [
-    "FLWSECK_TEST",
+    "flwseck_test",
 ]
 
 [[rules]]
@@ -388,7 +392,7 @@ keywords = [
 [[rules]]
 description = "Intercom API Token"
 id = "intercom-api-key"
-regex = '''(?i)(?:intercom)(?:[0-9a-z\-_\s.]{0,20})(?:'|"){0,1}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_\-]{60})['|\"|\n|\r|\s|\x60]'''
+regex = '''(?i)(?:intercom)(?:[0-9a-z\-_\s.]{0,20})(?:'|"){0,1}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{60})['|\"|\n|\r|\s|\x60]'''
 secretGroup = 1
 keywords = [
     "intercom",
@@ -513,7 +517,7 @@ id = "new-relic-user-api-key"
 regex = '''(?i)(?:new-relic|newrelic|new_relic)(?:[0-9a-z\-_\s.]{0,20})(?:'|"){0,1}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}(NRAK-[a-z0-9]{27})['|\"|\n|\r|\s|\x60]'''
 secretGroup = 1
 keywords = [
-    "NRAK",
+    "nrak",
 ]
 
 [[rules]]
@@ -531,7 +535,7 @@ id = "new-relic-browser-api-token"
 regex = '''(?i)(?:new-relic|newrelic|new_relic)(?:[0-9a-z\-_\s.]{0,20})(?:'|"){0,1}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}(NRJS-[a-f0-9]{19})['|\"|\n|\r|\s|\x60]'''
 secretGroup = 1
 keywords = [
-    "NRJS-",
+    "nrjs-",
 ]
 
 [[rules]]
@@ -567,15 +571,15 @@ id = "postman-api-token"
 regex = '''(?i)\b(PMAK-(?i)[a-f0-9]{24}\-[a-f0-9]{34})['|\"|\n|\r|\s|\x60]'''
 secretGroup = 1
 keywords = [
-    "PMAK-",
+    "pmak-",
 ]
 
 [[rules]]
 description = "Private Key"
 id = "private-key"
-regex = '''(?i)-----\s*?BEGIN[ A-Z0-9_-]*?PRIVATE KEY\s*?-----[\s\S]*?----\s*?END[ A-Z0-9_-]*? PRIVATE KEY\s*?-----'''
+regex = '''(?i)-----BEGIN[ A-Z0-9_-]{0,100}PRIVATE KEY-----[\s\S-]*KEY----'''
 keywords = [
-    "-----BEGIN PRIVATE",
+    "-----begin private",
 ]
 
 [[rules]]
@@ -592,7 +596,7 @@ description = "PyPI upload token"
 id = "pypi-upload-token"
 regex = '''pypi-AgEIcHlwaS5vcmc[A-Za-z0-9\-_]{50,1000}'''
 keywords = [
-    "pypi-AgEIcHlwaS5vcmc",
+    "pypi-ageichlwas5vcmc",
 ]
 
 [[rules]]
@@ -610,7 +614,7 @@ id = "sendgrid-api-token"
 regex = '''(?i)\b(SG\.(?i)[a-z0-9=_\-\.]{66})['|\"|\n|\r|\s|\x60]'''
 secretGroup = 1
 keywords = [
-    "SG.",
+    "sg.",
 ]
 
 [[rules]]

go.mod

@@ -17,6 +17,7 @@ require (
 	github.com/h2non/filetype v1.1.3 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/inconshreveable/mousetrap v1.0.0 // indirect
+	github.com/lucasjones/reggen v0.0.0-20200904144131-37ba4fa293bb
 	github.com/magiconair/properties v1.8.5 // indirect
 	github.com/mitchellh/mapstructure v1.4.1 // indirect
 	github.com/pelletier/go-toml v1.9.3 // indirect

go.sum

@@ -183,6 +183,8 @@ github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORN
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/lucasjones/reggen v0.0.0-20200904144131-37ba4fa293bb h1:w1g9wNDIE/pHSTmAaUhv4TZQuPBS6GV3mMz5hkgziIU=
+github.com/lucasjones/reggen v0.0.0-20200904144131-37ba4fa293bb/go.mod h1:5ELEyG+X8f+meRWHuqUOewBOhvHkl7M76pdGEansxW4=
 github.com/magiconair/properties v1.8.5 h1:b6kJs+EmPFMYGkow9GiUyCyOvIwYetYJ3fSaWak/Gls=
 github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
 github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=