
Add detection for OpenAI API keys (#1148)

* Add detection for OpenAI API keys

* Remove `sk-` keyword
Becojo 2 жил өмнө
parent
commit
7dc9ba40a7

+ 1 - 0
cmd/generate/config/main.go

@@ -116,6 +116,7 @@ func main() {
 	configRules = append(configRules, rules.NPM())
 	configRules = append(configRules, rules.NytimesAccessToken())
 	configRules = append(configRules, rules.OktaAccessToken())
+	configRules = append(configRules, rules.OpenAI())
 	configRules = append(configRules, rules.PlaidAccessID())
 	configRules = append(configRules, rules.PlaidSecretKey())
 	configRules = append(configRules, rules.PlaidAccessToken())

+ 25 - 0
cmd/generate/config/rules/openai.go

@@ -0,0 +1,25 @@
+package rules
+
+import (
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
+	"github.com/zricethezav/gitleaks/v8/config"
+)
+
+func OpenAI() *config.Rule {
+	// define rule
+	r := config.Rule{
+		RuleID:      "openai-api-key",
+		Description: "OpenAI API Key",
+		Regex:       generateUniqueTokenRegex(`sk-[a-zA-Z0-9]{20}T3BlbkFJ[a-zA-Z0-9]{20}`),
+		SecretGroup: 1,
+		Keywords: []string{
+			"T3BlbkFJ",
+		},
+	}
+
+	// validate
+	tps := []string{
+		generateSampleSecret("openaiApiKey", "sk-"+secrets.NewSecret(alphaNumeric("20"))+"T3BlbkFJ"+secrets.NewSecret(alphaNumeric("20"))),
+	}
+	return validate(r, tps, nil)
+}
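Review bot: `validate(r, tps, nil)` at the end of `OpenAI()` supplies no false-positive samples, so nothing pins what this rule must not match. The generated pattern in config/gitleaks.toml starts with `(?i)`, which suggests the `generateUniqueTokenRegex` helper (not visible in this hunk) makes the whole expression case-insensitive; if so, the fixed `T3BlbkFJ` marker, the only distinctive anchor in the key, also matches in any letter case. I would add a negative sample such as `fps := []string{generateSampleSecret("openaiApiKey", "sk-"+secrets.NewSecret(alphaNumeric("20")))}` and end with `return validate(r, tps, fps)`, so a key-shaped string without the marker is proven not to fire. The exported function also lacks a doc comment; something like `// OpenAI returns the rule for OpenAI API keys; T3BlbkFJ is base64 for "OpenAI" and appears mid-key.` would explain the magic string to the next maintainer.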

+ 9 - 0
config/gitleaks.toml

@@ -2371,6 +2371,15 @@ keywords = [
     "okta",
 ]
 
+[[rules]]
+description = "OpenAI API Key"
+id = "openai-api-key"
+regex = '''(?i)\b(sk-[a-zA-Z0-9]{20}T3BlbkFJ[a-zA-Z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+secretGroup = 1
+keywords = [
+    "sk-","t3blbkfj",
+]
+
 [[rules]]
 description = "Plaid API Token"
 id = "plaid-api-token"
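Review bot: The `keywords` list in the new `[[rules]]` block still contains `"sk-"`, although the commit description says that keyword was removed and `Keywords` in cmd/generate/config/rules/openai.go lists only `T3BlbkFJ`. This file appears to be generated from that rule, so it was probably not regenerated after the second change; the list should carry only `"t3blbkfj"`, in whatever layout the generator emits. As far as I know, keywords act as a pre-filter before the regex runs, so a three-character `sk-` entry would send far more content to this regex than the marker alone, without finding any additional keys.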