remove secretgroup from default config (#1288)

* remove secretgroup from default config

* update test data and AWS

* leave secretgroup

CONTRIBUTING.md

@@ -35,7 +35,7 @@ If you want to add a new rule to the [default Gitleaks configuration](https://gi
            RuleID:      "beamer-api-token",
 
            // Regex capture group for the actual secret
-           SecretGroup: 1,
+           
 
 
            // Regex used for detecting secrets. See regex section below for more details

cmd/generate/config/rules/adafruit.go

@@ -11,7 +11,6 @@ func AdafruitAPIKey() *config.Rule {
 		Description: "Adafruit API Key",
 		RuleID:      "adafruit-api-key",
 		Regex:       generateSemiGenericRegex([]string{"adafruit"}, alphaNumericExtendedShort("32"), true),
-		SecretGroup: 1,
 		Keywords:    []string{"adafruit"},
 	}
 

cmd/generate/config/rules/adobe.go

@@ -11,7 +11,6 @@ func AdobeClientID() *config.Rule {
 		Description: "Adobe Client ID (OAuth Web)",
 		RuleID:      "adobe-client-id",
 		Regex:       generateSemiGenericRegex([]string{"adobe"}, hex("32"), true),
-		SecretGroup: 1,
 		Keywords:    []string{"adobe"},
 	}
 

cmd/generate/config/rules/airtable.go

@@ -11,7 +11,6 @@ func Airtable() *config.Rule {
 		Description: "Airtable API Key",
 		RuleID:      "airtable-api-key",
 		Regex:       generateSemiGenericRegex([]string{"airtable"}, alphaNumeric("17"), true),
-		SecretGroup: 1,
 		Keywords:    []string{"airtable"},
 	}
 

cmd/generate/config/rules/alibaba.go

@@ -29,8 +29,8 @@ func AlibabaSecretKey() *config.Rule {
 		RuleID:      "alibaba-secret-key",
 		Regex: generateSemiGenericRegex([]string{"alibaba"},
 			alphaNumeric("30"), true),
-		SecretGroup: 1,
-		Keywords:    []string{"alibaba"},
+
+		Keywords: []string{"alibaba"},
 	}
 
 	// validate

cmd/generate/config/rules/asana.go

@@ -11,7 +11,6 @@ func AsanaClientID() *config.Rule {
 		Description: "Asana Client ID",
 		RuleID:      "asana-client-id",
 		Regex:       generateSemiGenericRegex([]string{"asana"}, numeric("16"), true),
-		SecretGroup: 1,
 		Keywords:    []string{"asana"},
 	}
 
@@ -28,8 +27,8 @@ func AsanaClientSecret() *config.Rule {
 		Description: "Asana Client Secret",
 		RuleID:      "asana-client-secret",
 		Regex:       generateSemiGenericRegex([]string{"asana"}, alphaNumeric("32"), true),
-		SecretGroup: 1,
-		Keywords:    []string{"asana"},
+
+		Keywords: []string{"asana"},
 	}
 
 	// validate

cmd/generate/config/rules/atlassian.go

@@ -12,8 +12,7 @@ func Atlassian() *config.Rule {
 		RuleID:      "atlassian-api-token",
 		Regex: generateSemiGenericRegex([]string{
 			"atlassian", "confluence", "jira"}, alphaNumeric("24"), true),
-		SecretGroup: 1,
-		Keywords:    []string{"atlassian", "confluence", "jira"},
+		Keywords: []string{"atlassian", "confluence", "jira"},
 	}
 
 	// validate

cmd/generate/config/rules/authress.go

@@ -13,7 +13,6 @@ func Authress() *config.Rule {
 	r := config.Rule{
 		Description: "Authress Service Client Access Key",
 		RuleID:      "authress-service-client-access-key",
-		SecretGroup: 1,
 		Regex:       generateUniqueTokenRegex(`(?:sc|ext|scauth|authress)_[a-z0-9]{5,30}\.[a-z0-9]{4,6}\.acc[_-][a-z0-9-]{10,32}\.[a-z0-9+/_=-]{30,120}`, true),
 		Keywords:    []string{"sc_", "ext_", "scauth_", "authress_"},
 	}

cmd/generate/config/rules/aws.go

@@ -12,7 +12,7 @@ func AWS() *config.Rule {
 		Description: "AWS",
 		RuleID:      "aws-access-token",
 		Regex: regexp.MustCompile(
-			"(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}"),
+			"(?:A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}"),
 		Keywords: []string{
 			"AKIA",
 			"AGPA",

cmd/generate/config/rules/beamer.go

@@ -10,7 +10,6 @@ func Beamer() *config.Rule {
 	r := config.Rule{
 		Description: "Beamer API token",
 		RuleID:      "beamer-api-token",
-		SecretGroup: 1,
 		Regex: generateSemiGenericRegex([]string{"beamer"},
 			`b_[a-z0-9=_\-]{44}`, true),
 		Keywords: []string{"beamer"},

cmd/generate/config/rules/bitbucket.go

@@ -11,7 +11,6 @@ func BitBucketClientID() *config.Rule {
 		Description: "Bitbucket Client ID",
 		RuleID:      "bitbucket-client-id",
 		Regex:       generateSemiGenericRegex([]string{"bitbucket"}, alphaNumeric("32"), true),
-		SecretGroup: 1,
 		Keywords:    []string{"bitbucket"},
 	}
 
@@ -28,8 +27,8 @@ func BitBucketClientSecret() *config.Rule {
 		Description: "Bitbucket Client Secret",
 		RuleID:      "bitbucket-client-secret",
 		Regex:       generateSemiGenericRegex([]string{"bitbucket"}, alphaNumericExtended("64"), true),
-		SecretGroup: 1,
-		Keywords:    []string{"bitbucket"},
+
+		Keywords: []string{"bitbucket"},
 	}
 
 	// validate

cmd/generate/config/rules/bittrex.go

@@ -11,7 +11,6 @@ func BittrexAccessKey() *config.Rule {
 		Description: "Bittrex Access Key",
 		RuleID:      "bittrex-access-key",
 		Regex:       generateSemiGenericRegex([]string{"bittrex"}, alphaNumeric("32"), true),
-		SecretGroup: 1,
 		Keywords:    []string{"bittrex"},
 	}
 
@@ -28,8 +27,8 @@ func BittrexSecretKey() *config.Rule {
 		Description: "Bittrex Secret Key",
 		RuleID:      "bittrex-secret-key",
 		Regex:       generateSemiGenericRegex([]string{"bittrex"}, alphaNumeric("32"), true),
-		SecretGroup: 1,
-		Keywords:    []string{"bittrex"},
+
+		Keywords: []string{"bittrex"},
 	}
 
 	// validate

cmd/generate/config/rules/codecov.go

@@ -11,7 +11,6 @@ func CodecovAccessToken() *config.Rule {
 		RuleID:      "codecov-access-token",
 		Description: "Codecov Access Token",
 		Regex:       generateSemiGenericRegex([]string{"codecov"}, alphaNumeric("32"), true),
-		SecretGroup: 1,
 		Keywords: []string{
 			"codecov",
 		},

cmd/generate/config/rules/coinbase.go

@@ -12,7 +12,6 @@ func CoinbaseAccessToken() *config.Rule {
 		Description: "Coinbase Access Token",
 		Regex: generateSemiGenericRegex([]string{"coinbase"},
 			alphaNumericExtendedShort("64"), true),
-		SecretGroup: 1,
 		Keywords: []string{
 			"coinbase",
 		},

cmd/generate/config/rules/confluent.go

@@ -11,7 +11,6 @@ func ConfluentSecretKey() *config.Rule {
 		RuleID:      "confluent-secret-key",
 		Description: "Confluent Secret Key",
 		Regex:       generateSemiGenericRegex([]string{"confluent"}, alphaNumeric("64"), true),
-		SecretGroup: 1,
 		Keywords: []string{
 			"confluent",
 		},
@@ -30,7 +29,7 @@ func ConfluentAccessToken() *config.Rule {
 		RuleID:      "confluent-access-token",
 		Description: "Confluent Access Token",
 		Regex:       generateSemiGenericRegex([]string{"confluent"}, alphaNumeric("16"), true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"confluent",
 		},

cmd/generate/config/rules/contentful.go

@@ -12,8 +12,7 @@ func Contentful() *config.Rule {
 		RuleID:      "contentful-delivery-api-token",
 		Regex: generateSemiGenericRegex([]string{"contentful"},
 			alphaNumericExtended("43"), true),
-		SecretGroup: 1,
-		Keywords:    []string{"contentful"},
+		Keywords: []string{"contentful"},
 	}
 
 	// validate

cmd/generate/config/rules/datadog.go

@@ -12,7 +12,6 @@ func DatadogtokenAccessToken() *config.Rule {
 		Description: "Datadog Access Token",
 		Regex: generateSemiGenericRegex([]string{"datadog"},
 			alphaNumeric("40"), true),
-		SecretGroup: 1,
 		Keywords: []string{
 			"datadog",
 		},

cmd/generate/config/rules/definednetworking.go

@@ -14,9 +14,6 @@ func DefinedNetworkingAPIToken() *config.Rule {
 		// Unique ID for the rule
 		RuleID: "defined-networking-api-token",
 
-		// Regex capture group for the actual secret
-		SecretGroup: 1,
-
 		// Regex used for detecting secrets. See regex section below for more details
 		Regex: generateSemiGenericRegex([]string{"dnkey"}, `dnkey-[a-z0-9=_\-]{26}-[a-z0-9=_\-]{52}`, true),
 

cmd/generate/config/rules/digitalocean.go

@@ -9,7 +9,6 @@ func DigitalOceanPAT() *config.Rule {
 	r := config.Rule{
 		Description: "DigitalOcean Personal Access Token",
 		RuleID:      "digitalocean-pat",
-		SecretGroup: 1,
 		Regex:       generateUniqueTokenRegex(`dop_v1_[a-f0-9]{64}`, true),
 		Keywords:    []string{"dop_v1_"},
 	}
@@ -24,9 +23,9 @@ func DigitalOceanOAuthToken() *config.Rule {
 	r := config.Rule{
 		Description: "DigitalOcean OAuth Access Token",
 		RuleID:      "digitalocean-access-token",
-		SecretGroup: 1,
-		Regex:       generateUniqueTokenRegex(`doo_v1_[a-f0-9]{64}`, true),
-		Keywords:    []string{"doo_v1_"},
+
+		Regex:    generateUniqueTokenRegex(`doo_v1_[a-f0-9]{64}`, true),
+		Keywords: []string{"doo_v1_"},
 	}
 
 	tps := []string{
@@ -39,9 +38,9 @@ func DigitalOceanRefreshToken() *config.Rule {
 	r := config.Rule{
 		Description: "DigitalOcean OAuth Refresh Token",
 		RuleID:      "digitalocean-refresh-token",
-		SecretGroup: 1,
-		Regex:       generateUniqueTokenRegex(`dor_v1_[a-f0-9]{64}`, true),
-		Keywords:    []string{"dor_v1_"},
+
+		Regex:    generateUniqueTokenRegex(`dor_v1_[a-f0-9]{64}`, true),
+		Keywords: []string{"dor_v1_"},
 	}
 
 	tps := []string{

cmd/generate/config/rules/discord.go

@@ -11,7 +11,6 @@ func DiscordAPIToken() *config.Rule {
 		Description: "Discord API key",
 		RuleID:      "discord-api-token",
 		Regex:       generateSemiGenericRegex([]string{"discord"}, hex("64"), true),
-		SecretGroup: 1,
 		Keywords:    []string{"discord"},
 	}
 
@@ -28,7 +27,6 @@ func DiscordClientID() *config.Rule {
 		Description: "Discord client ID",
 		RuleID:      "discord-client-id",
 		Regex:       generateSemiGenericRegex([]string{"discord"}, numeric("18"), true),
-		SecretGroup: 1,
 		Keywords:    []string{"discord"},
 	}
 
@@ -45,7 +43,6 @@ func DiscordClientSecret() *config.Rule {
 		Description: "Discord client secret",
 		RuleID:      "discord-client-secret",
 		Regex:       generateSemiGenericRegex([]string{"discord"}, alphaNumericExtended("32"), true),
-		SecretGroup: 1,
 		Keywords:    []string{"discord"},
 	}
 

cmd/generate/config/rules/droneci.go

@@ -11,7 +11,7 @@ func DroneciAccessToken() *config.Rule {
 		RuleID:      "droneci-access-token",
 		Description: "Droneci Access Token",
 		Regex:       generateSemiGenericRegex([]string{"droneci"}, alphaNumeric("32"), true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"droneci",
 		},

cmd/generate/config/rules/dropbox.go

@@ -11,8 +11,8 @@ func DropBoxAPISecret() *config.Rule {
 		Description: "Dropbox API secret",
 		RuleID:      "dropbox-api-token",
 		Regex:       generateSemiGenericRegex([]string{"dropbox"}, alphaNumeric("15"), true),
-		SecretGroup: 1,
-		Keywords:    []string{"dropbox"},
+
+		Keywords: []string{"dropbox"},
 	}
 
 	// validate

cmd/generate/config/rules/etsy.go

@@ -11,7 +11,7 @@ func EtsyAccessToken() *config.Rule {
 		RuleID:      "etsy-access-token",
 		Description: "Etsy Access Token",
 		Regex:       generateSemiGenericRegex([]string{"etsy"}, alphaNumeric("24"), true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"etsy",
 		},

cmd/generate/config/rules/facebook.go

@@ -11,8 +11,8 @@ func Facebook() *config.Rule {
 		Description: "Facebook Access Token",
 		RuleID:      "facebook",
 		Regex:       generateSemiGenericRegex([]string{"facebook"}, hex("32"), true),
-		SecretGroup: 1,
-		Keywords:    []string{"facebook"},
+
+		Keywords: []string{"facebook"},
 	}
 
 	// validate

cmd/generate/config/rules/fastly.go

@@ -11,8 +11,8 @@ func FastlyAPIToken() *config.Rule {
 		Description: "Fastly API key",
 		RuleID:      "fastly-api-token",
 		Regex:       generateSemiGenericRegex([]string{"fastly"}, alphaNumericExtended("32"), true),
-		SecretGroup: 1,
-		Keywords:    []string{"fastly"},
+
+		Keywords: []string{"fastly"},
 	}
 
 	// validate

cmd/generate/config/rules/finicity.go

@@ -11,8 +11,8 @@ func FinicityClientSecret() *config.Rule {
 		Description: "Finicity Client Secret",
 		RuleID:      "finicity-client-secret",
 		Regex:       generateSemiGenericRegex([]string{"finicity"}, alphaNumeric("20"), true),
-		SecretGroup: 1,
-		Keywords:    []string{"finicity"},
+
+		Keywords: []string{"finicity"},
 	}
 
 	// validate
@@ -28,8 +28,8 @@ func FinicityAPIToken() *config.Rule {
 		Description: "Finicity API token",
 		RuleID:      "finicity-api-token",
 		Regex:       generateSemiGenericRegex([]string{"finicity"}, hex("32"), true),
-		SecretGroup: 1,
-		Keywords:    []string{"finicity"},
+
+		Keywords: []string{"finicity"},
 	}
 
 	// validate

cmd/generate/config/rules/finnhub.go

@@ -11,7 +11,7 @@ func FinnhubAccessToken() *config.Rule {
 		RuleID:      "finnhub-access-token",
 		Description: "Finnhub Access Token",
 		Regex:       generateSemiGenericRegex([]string{"finnhub"}, alphaNumeric("20"), true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"finnhub",
 		},

cmd/generate/config/rules/flickr.go

@@ -11,7 +11,7 @@ func FlickrAccessToken() *config.Rule {
 		RuleID:      "flickr-access-token",
 		Description: "Flickr Access Token",
 		Regex:       generateSemiGenericRegex([]string{"flickr"}, alphaNumeric("32"), true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"flickr",
 		},

cmd/generate/config/rules/freshbooks.go

@@ -11,7 +11,7 @@ func FreshbooksAccessToken() *config.Rule {
 		RuleID:      "freshbooks-access-token",
 		Description: "Freshbooks Access Token",
 		Regex:       generateSemiGenericRegex([]string{"freshbooks"}, alphaNumeric("64"), true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"freshbooks",
 		},

cmd/generate/config/rules/gcp.go

@@ -30,7 +30,7 @@ func GCPAPIKey() *config.Rule {
 		RuleID:      "gcp-api-key",
 		Description: "GCP API key",
 		Regex:       generateUniqueTokenRegex(`AIza[0-9A-Za-z\\-_]{35}`, true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"AIza",
 		},

cmd/generate/config/rules/generic.go

@@ -20,7 +20,6 @@ func GenericCredential() *config.Rule {
 			"auth",
 			"access",
 		}, `[0-9a-z\-_.=]{10,150}`, true),
-		SecretGroup: 1,
 		Keywords: []string{
 			"key",
 			"api",

cmd/generate/config/rules/gitter.go

@@ -12,7 +12,7 @@ func GitterAccessToken() *config.Rule {
 		Description: "Gitter Access Token",
 		Regex: generateSemiGenericRegex([]string{"gitter"},
 			alphaNumericExtendedShort("40"), true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"gitter",
 		},

cmd/generate/config/rules/gocardless.go

@@ -11,7 +11,7 @@ func GoCardless() *config.Rule {
 		RuleID:      "gocardless-api-token",
 		Description: "GoCardless API token",
 		Regex:       generateSemiGenericRegex([]string{"gocardless"}, `live_(?i)[a-z0-9\-_=]{40}`, true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"live_",
 			"gocardless",

cmd/generate/config/rules/grafana.go

@@ -10,9 +10,9 @@ func GrafanaApiKey() *config.Rule {
 	r := config.Rule{
 		Description: "Grafana api key (or Grafana cloud api key)",
 		RuleID:      "grafana-api-key",
-		SecretGroup: 1,
-		Regex:       generateUniqueTokenRegex(`eyJrIjoi[A-Za-z0-9]{70,400}={0,2}`, true),
-		Keywords:    []string{"eyJrIjoi"},
+
+		Regex:    generateUniqueTokenRegex(`eyJrIjoi[A-Za-z0-9]{70,400}={0,2}`, true),
+		Keywords: []string{"eyJrIjoi"},
 	}
 
 	// validate
@@ -29,9 +29,9 @@ func GrafanaCloudApiToken() *config.Rule {
 	r := config.Rule{
 		Description: "Grafana cloud api token",
 		RuleID:      "grafana-cloud-api-token",
-		SecretGroup: 1,
-		Regex:       generateUniqueTokenRegex(`glc_[A-Za-z0-9+/]{32,400}={0,2}`, true),
-		Keywords:    []string{"glc_"},
+
+		Regex:    generateUniqueTokenRegex(`glc_[A-Za-z0-9+/]{32,400}={0,2}`, true),
+		Keywords: []string{"glc_"},
 	}
 
 	// validate
@@ -48,9 +48,9 @@ func GrafanaServiceAccountToken() *config.Rule {
 	r := config.Rule{
 		Description: "Grafana service account token",
 		RuleID:      "grafana-service-account-token",
-		SecretGroup: 1,
-		Regex:       generateUniqueTokenRegex(`glsa_[A-Za-z0-9]{32}_[A-Fa-f0-9]{8}`, true),
-		Keywords:    []string{"glsa_"},
+
+		Regex:    generateUniqueTokenRegex(`glsa_[A-Za-z0-9]{32}_[A-Fa-f0-9]{8}`, true),
+		Keywords: []string{"glsa_"},
 	}
 
 	// validate

cmd/generate/config/rules/heroku.go

@@ -10,8 +10,8 @@ func Heroku() *config.Rule {
 		Description: "Heroku API Key",
 		RuleID:      "heroku-api-key",
 		Regex:       generateSemiGenericRegex([]string{"heroku"}, hex8_4_4_4_12(), true),
-		SecretGroup: 1,
-		Keywords:    []string{"heroku"},
+
+		Keywords: []string{"heroku"},
 	}
 
 	// validate

cmd/generate/config/rules/hubspot.go

@@ -11,8 +11,8 @@ func HubSpot() *config.Rule {
 		RuleID:      "hubspot-api-key",
 		Regex: generateSemiGenericRegex([]string{"hubspot"},
 			`[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}`, true),
-		SecretGroup: 1,
-		Keywords:    []string{"hubspot"},
+
+		Keywords: []string{"hubspot"},
 	}
 
 	// validate

cmd/generate/config/rules/huggingface.go

@@ -18,8 +18,8 @@ func HuggingFaceAccessToken() *config.Rule {
 		RuleID:      "huggingface-access-token",
 		Description: "Hugging Face Access token",
 		Regex:       regexp.MustCompile(`(?:^|[\\'"` + "`" + ` >=:])(hf_[a-zA-Z]{34})(?:$|[\\'"` + "`" + ` <])`),
-		SecretGroup: 1,
-		Entropy:     1,
+
+		Entropy: 1,
 		Keywords: []string{
 			"hf_",
 		},
@@ -73,8 +73,8 @@ func HuggingFaceOrganizationApiToken() *config.Rule {
 		RuleID:      "huggingface-organization-api-token",
 		Description: "Hugging Face Organization API token",
 		Regex:       regexp.MustCompile(`(?:^|[\\'"` + "`" + ` >=:\(,)])(api_org_[a-zA-Z]{34})(?:$|[\\'"` + "`" + ` <\),])`),
-		SecretGroup: 1,
-		Entropy:     2,
+
+		Entropy: 2,
 		Keywords: []string{
 			"api_org_",
 		},

cmd/generate/config/rules/infracost.go

@@ -15,7 +15,6 @@ func InfracostAPIToken() *config.Rule {
 		RuleID: "infracost-api-token",
 
 		// Regex capture group for the actual secret
-		SecretGroup: 1,
 
 		// Regex used for detecting secrets. See regex section below for more details
 		Regex: generateUniqueTokenRegex(`ico-[a-zA-Z0-9]{32}`, true),

cmd/generate/config/rules/intercom.go

@@ -11,8 +11,8 @@ func Intercom() *config.Rule {
 		Description: "Intercom API Token",
 		RuleID:      "intercom-api-key",
 		Regex:       generateSemiGenericRegex([]string{"intercom"}, alphaNumericExtended("60"), true),
-		SecretGroup: 1,
-		Keywords:    []string{"intercom"},
+
+		Keywords: []string{"intercom"},
 	}
 
 	// validate

cmd/generate/config/rules/jfrog.go

@@ -19,7 +19,6 @@ func JFrogAPIKey() *config.Rule {
 		RuleID: "jfrog-api-key",
 
 		// Regex capture group for the actual secret
-		SecretGroup: 1,
 
 		// Regex used for detecting secrets. See regex section below for more details
 		Regex: generateSemiGenericRegex(keywords, alphaNumeric("73"), true),
@@ -46,7 +45,6 @@ func JFrogIdentityToken() *config.Rule {
 		RuleID: "jfrog-identity-token",
 
 		// Regex capture group for the actual secret
-		SecretGroup: 1,
 
 		// Regex used for detecting secrets. See regex section below for more details
 		Regex: generateSemiGenericRegex(keywords, alphaNumeric("64"), true),

cmd/generate/config/rules/jwt.go

@@ -24,7 +24,7 @@ func JWT() *config.Rule {
 		`https://dai2-playlistserver.aws.syncbak.com/cpl/20980038/dai2v5/1.0/7b2264657669636554797065223a387d/master.m3u8?access_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IkdyYXkyMDE2MDgyOSJ9.eyJtaWQiOiIyMDk4MDAzOCIsImNpZCI6MjE5MDMsInNpZCI6MTU4LCJtZDUiOiIwN2QxMmRjNjAwOTM2MGI0MmY3NjNkNTRiMWIwZjI1NCIsImlhdCI6MTY2MDkxMzU2MCwiZXhwIjoxNjkyNDQ5NTYwLCJpc3MiOiJTeW5jYmFrIChURykifQ.JrWVgwzIn_RcNuWhkzIjr1i4qjXU1v4n0KFrSzoTQvQ`,                                                                                                                                                                                                                                                                                                  // gitleaks:allow		`
 		`"SessionToken": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhY2Nlc3NLZXkiOiI2TjJCQUxYN0VMTzgyN0RYUzNHSyIsImFjciI6IjAiLCJhdWQiOiJhY2NvdW50IiwiYXV0aF90aW1lIjoxNTY5OTEwNTUyLCJhenAiOiJhY2NvdW50IiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJleHAiOjE1Njk5MTQ1NTQsImlhdCI6MTU2OTkxMDk1NCwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgxL2F1dGgvcmVhbG1zL2RlbW8iLCJqdGkiOiJkOTk4YTBlZS01NDk2LTQ4OWYtYWJlMi00ZWE5MjJiZDlhYWYiLCJuYmYiOjAsInBvbGljeSI6InJlYWR3cml0ZSIsInByZWZlcnJlZF91c2VybmFtZSI6Im5ld3VzZXIxIiwic2Vzc2lvbl9zdGF0ZSI6IjJiYTAyYTI2LWE5MTUtNDUxNC04M2M1LWE0YjgwYjc4ZTgxNyIsInN1YiI6IjY4ZmMzODVhLTA5MjItNGQyMS04N2U5LTZkZTdhYjA3Njc2NSIsInR5cCI6IklEIn0._UG_-ZHgwdRnsp0gFdwChb7VlbPs-Gr_RNUz9EV7TggCD59qjCFAKjNrVHfOSVkKvYEMe0PvwfRKjnJl3A_mBA",`, // gitleaks:allow
 		`2020/11/04 21:08:40 Access Token:
-		"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoiYTAwYzI3ZDEtYjVhYS00NjU0LWFmMTYtYjExNzNkZTY1NjI5Iiwicm9sZXMiOlsiYWRtaW4iXSwiaWF0IjoxNjA0NTE2OTIwLCJleHAiOjE2MDQ1MTc4MjAsImp0aSI6IjYzNmVmMDc0LTE2MzktNGJhZi1hNGNiLTQ4ZDM4NGMxMzliYSIsImlzcyI6Im15YXBwIn0.T9B0zG0AHShO5JfQgrMQBlToH33KHgp8nLMPFpN6QmM"`,                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  // gitleaks:allow
+		"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoiYTAwYzI3ZDEtYjVhYS00NjU0LWFmMTYtYjExNzNkZTY1NjI5Iiwicm9sZXMiOlsiYWRtaW4iXSwiaWF0IjoxNjA0NTE2OTIwLCJleHAiOjE2MDQ1MTc4MjAsImp0aSI6IjYzNmVmMDc0LTE2MzktNGJhZi1hNGNiLTQ4ZDM4NGMxMzliYSIsImlzcyI6Im15YXBwIn0.T9B0zG0AHShO5JfQgrMQBlToH33KHgp8nLMPFpN6QmM"`, // gitleaks:allow
 		`"idToken": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ik56azVNREl5TVRnNFJqWTBORGswT0VJM1JrRXpORGN4UmtVMU1FWXdNemczT1VKQlFqRTBNZyJ9.eyJuaWNrbmFtZSI6InRlc3QtaW50ZXJhY3RpdmUtY2xpIiwibmFtZSI6IlRlc3RpbmcgSW50ZXJhY3RpdmUgQ2xpIiwicGljdHVyZSI6Imh0dHBzOi8vaW50ZXJhdGNpdmUuY2xpL3Rlc3RpbmcucG5nIiwidXBkYXRlZF9hdCI6IjIwMTktMDktMTZUMTU6MTg6NDMuOTk5WiIsImVtYWlsIjoidGVzdGluZ0BpbnRlcmFjdGl2ZS5jbGkiLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiaXNzIjoiaHR0cHM6Ly9zZXJ2ZXJsZXNzaW5jLmF1dGgwLmNvbS8iLCJzdWIiOiJ0ZXN0LWludGVyYWN0aXZlLWNsaSIsImF1ZCI6IlhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYIiwiaWF0IjoxNTYwMDAwMDAwLCJleHAiOjMwMDAwMDAwMDB9.GcNQtWSxv9CHTABw-HIjYSvRxTEapDUDqIIWRGmz01XmShQxRGOHRuUg1NKU4w9MpOlB6txHKs8UWd2eZkzw_Z4QmIuLyAVhVklpWP2-xeysPLUyqVTgqAg8kgIUAwdKjmrdpQqHhGd-Q1BIX62-E-qKKx8prmADSw_hgmuvlMuSCa1ajCnfyUXycQxDmbFrvjd24lJER0FSpB2nWWW3KxZ_UBX-TuVmiEtRXg9GYeSv6oIU78PrIhYgJ0QjERRF1yAYamIXNRs-KZ7Z4YiFNC4uKzFH1524pZkS4Q0-pweIvBrrsjekz-vEYcbaVG1zAxDu_yNrYPk5phCy8MHTrQ",`, // gitleaks:allow
 		`TokenIssuer1WithAzp = "eyJhbGciOiJSUzI1NiIsImtpZCI6InRUX3c5TFJOclk3d0phbEdzVFlTdDdydXRaaTg2R3Z5YzBFS1I0Q2FRQXciLCJ0eXAiOiJKV1QifQ.eyJhenAiOiJiYXIiLCJleHAiOjQ3MzQxMjU0NTMsImlhdCI6MTU4MDUyNTQ1MywiaXNzIjoidGVzdC1pc3N1ZXItMUBpc3Rpby5pbyIsInN1YiI6InN1Yi0xIn0.SO4qjRJPYItkpGGpCDfEhaUfdthO8L9b_aawao4dJKyqqXN0uYdsJau_JZzyPQ1emAmJP7VyjwELrlszA6xV65na_O-eny23iwhEoroChQMpcr9DWqSUBUfpbHSPFAjUv38SUbQfLgar0HrMxQlTAzB0vyzn2g6-cukP469ZlOUmzvi9b4UpolTLp_WPgEHKjZw8CL56CcuJqBIKgfn0M7ta2bY_qx-UrsEW0CqnXol7vhXuDAfMeWZYKuDP8qc2VH1T6wpO2JnZ0EaNDuZfQLOWFYKsFGlaYcus9j462AfJQBSFQTbkIjkvKMK6aI_rMEesAnJr2eei1UYi14JYiQ"`,                                                                                                                                                                                                                                                                                                                                                                      // gitleaks:allow
 		`eyJhbGciOiJSUzI1NiIsImtpZCI6IkRIRmJwb0lVcXJZOHQyenBBMnFYZkNtcjVWTzVaRXI0UnpIVV8tZW52dlEiLCJ0eXAiOiJKV1QifQ.eyJleHAiOjM1MzczOTExMDQsImdyb3VwcyI6WyJncm91cDEiLCJncm91cDIiXSwiaWF0IjoxNTM3MzkxMTA0LCJpc3MiOiJ0ZXN0aW5nQHNlY3VyZS5pc3Rpby5pbyIsInNjb3BlIjpbInNjb3BlMSIsInNjb3BlMiJdLCJzdWIiOiJ0ZXN0aW5nQHNlY3VyZS5pc3Rpby5pbyJ9.EdJnEZSH6X8hcyEii7c8H5lnhgjB5dwo07M5oheC8Xz8mOllyg--AHCFWHybM48reunF--oGaG6IXVngCEpVF0_P5DwsUoBgpPmK1JOaKN6_pe9sh0ZwTtdgK_RP01PuI7kUdbOTlkuUi2AO-qUyOm7Art2POzo36DLQlUXv8Ad7NBOqfQaKjE9ndaPWT7aexUsBHxmgiGbz1SyLH879f7uHYPbPKlpHU6P9S-DaKnGLaEchnoKnov7ajhrEhGXAQRukhDPKUHO9L30oPIr5IJllEQfHYtt6IZvlNUGeLUcif3wpry1R5tBXRicx2sXMQ7LyuDremDbcNy_iE76Upg`,                                                                                                                                                                                                                                                                                                         // gitleaks:allow
@@ -37,9 +37,9 @@ func JWT() *config.Rule {
 		`string: grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJkZXYtdG8tYW5hbHl0aWMtYXBpLW1hYy10ZXN0QGRldnRvLTE3NTQxOS5pYW0uZ3NlcnZpY2VhY2NvdW50LmNvbSIsImF1ZCI6Imh0dHBzOi8vd3d3Lmdvb2dsZWFwaXMuY29tL29hdXRoMi92NC90b2tlbiIsImV4cCI6MTUxOTIyOTAxOSwiaWF0IjoxNTE5MjI4ODk5LCJzY29wZSI6Imh0dHBzOi8vd3d3Lmdvb2dsZWFwaXMuY29tL2F1dGgvYW5hbHl0aWNzLnJlYWRvbmx5In0.V8CSfSS7sKfoE5857jE9WDrGFHF1CyRr3cZpdUv9MjaaTcPRSLuNxB8yrxRP_7hNmlRgx_KdUzBgDJp3M_9tU4rZgFaIC7-bctvz_0rqbnMqSTniHYNGo7w__zO0bRaTpR3ILOfoxCQLcVC-tA4eCIMzRCznkY0VAaoLM7K-hnwQz6fCqSF31fmOwzAdVBPi5qnMETogh_7SiHn4WNUYI0FQf5SFLhcCbBZtORcbANe9hXp9po2P-VTBqs6u9dAZw5kZ2c1l5zbzrjYp5VcYl1XQFQTxP2zgMxhpX3k1UH9ObggOMUxvASyLbPZ7viOPKRlFxkAAHPTN2N1FYbpVeA`,                                                                                                                                                                                             // gitleaks:allow
 		`eyJhbGciOiJSUzI1NiIsImtpZCI6IlM1WGxrRnVIclJRaEVDbmg3cndZZFVTRTFpT0lfQzZsZ2NXbHZoOS1pbVUifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLWo1a3B2Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJiZTZjZmUwZS0yYzFhLTRkNTYtYmVkMC1jYWRmYjYxNzA1N2YiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.LaBPEh6Qantd8tAc0X5DY9dDwUqZpxu38FHnp9TSJw-ghs3TsjrscFulUeEAtp2ng3ElLcU4SbNKPGJflF2dyW9Tmfn-Kt_6Jwq8HQ9GOCwAicEz0JVireHA7EWhATzuT56eO6MTe-2j5bpGnPQRJJtQ8AbtAN3nVK7RPjSzmc8Ppqx1z5i4oCGwiyRlGwqT-FkCtQLbQaQ4XmrASQoN4pJ_OBy5slztUhk32HdGP6pQx5c-nfei-of_4ij_fHrP0xEEfmVVvXqi9WKv1PLkQ3qTiSFDzv8M2sE4T6XmCGBbw7gyHzEGSpOAPZr00bX_YMCUvEF0lyP4YK696xWCBA`, // gitleaks:allow
 		`$ curl "http://admin:password@127.0.0.1:8080/api/v2/token"
-		{"access_token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsiQVBJIl0sImV4cCI6MTYxMzMzNTI2MSwianRpIjoiYzBrb2gxZmNkcnBjaHNzMGZwZmciLCJuYmYiOjE2MTMzMzQ2MzEsInBlcm1pc3Npb25zIjpbIioiXSwic3ViIjoiYUJ0SHUwMHNBUmxzZ29yeEtLQ1pZZWVqSTRKVTlXbThHSGNiVWtWVmc1TT0iLCJ1c2VybmFtZSI6ImFkbWluIn0.WiyqvUF-92zCr--y4Q_sxn-tPnISFzGZd_exsG-K7ME","expires_at":"2021-02-14T20:41:01Z"}`,                                 // gitleaks:allow
-		`curl -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsiQVBJIl0sImV4cCI6MTYxMzMzNTI2MSwianRpIjoiYzBrb2gxZmNkcnBjaHNzMGZwZmciLCJuYmYiOjE2MTMzMzQ2MzEsInBlcm1pc3Npb25zIjpbIioiXSwic3ViIjoiYUJ0SHUwMHNBUmxzZ29yeEtLQ1pZZWVqSTRKVTlXbThHSGNiVWtWVmc1TT0iLCJ1c2VybmFtZSI6ImFkbWluIn0.WiyqvUF-92zCr--y4Q_sxn-tPnISFzGZd_exsG-K7ME" "http://127.0.0.1:8080/api/v2/dumpdata?output-data=1"`, // gitleaks:allow
-		`"authorization": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoiZ3Vlc3QiLCJzdWIiOiJZV3hwWTJVPSIsIm5iZiI6MTUxNDg1MTEzOSwiZXhwIjoxNjQxMDgxNTM5fQ.K5DnnbbIOspRbpCr2IKXE9cPVatGOCBrBQobQmBmaeU"`, // gitleaks:allow
+		{"access_token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsiQVBJIl0sImV4cCI6MTYxMzMzNTI2MSwianRpIjoiYzBrb2gxZmNkcnBjaHNzMGZwZmciLCJuYmYiOjE2MTMzMzQ2MzEsInBlcm1pc3Npb25zIjpbIioiXSwic3ViIjoiYUJ0SHUwMHNBUmxzZ29yeEtLQ1pZZWVqSTRKVTlXbThHSGNiVWtWVmc1TT0iLCJ1c2VybmFtZSI6ImFkbWluIn0.WiyqvUF-92zCr--y4Q_sxn-tPnISFzGZd_exsG-K7ME","expires_at":"2021-02-14T20:41:01Z"}`, // gitleaks:allow
+		`curl -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsiQVBJIl0sImV4cCI6MTYxMzMzNTI2MSwianRpIjoiYzBrb2gxZmNkcnBjaHNzMGZwZmciLCJuYmYiOjE2MTMzMzQ2MzEsInBlcm1pc3Npb25zIjpbIioiXSwic3ViIjoiYUJ0SHUwMHNBUmxzZ29yeEtLQ1pZZWVqSTRKVTlXbThHSGNiVWtWVmc1TT0iLCJ1c2VybmFtZSI6ImFkbWluIn0.WiyqvUF-92zCr--y4Q_sxn-tPnISFzGZd_exsG-K7ME" "http://127.0.0.1:8080/api/v2/dumpdata?output-data=1"`,                                                                                                                                                                                                                                                                                                                                                                                                                                        // gitleaks:allow
+		`"authorization": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoiZ3Vlc3QiLCJzdWIiOiJZV3hwWTJVPSIsIm5iZiI6MTUxNDg1MTEzOSwiZXhwIjoxNjQxMDgxNTM5fQ.K5DnnbbIOspRbpCr2IKXE9cPVatGOCBrBQobQmBmaeU"`,                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             // gitleaks:allow
 		`{"signatures": [ "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmaWxlcyI6W3sibmFtZSI6Ii5tYW5pZmVzdCIsImhhc2giOiJjMjEzMTU0NGM3MTZhMjVhNWUzMWY1MDQzMDBmNTI0MGU4MjM1Y2FkYjlhNTdmMGJkMWI2ZjRiZDc0YjI2NjEyIiwiYWxnb3JpdGhtIjoiU0hBMjU2In0seyJuYW1lIjoicm9sZXMvYmluZGluZ3MvZGF0YS5qc29uIiwiaGFzaCI6IjQyY2ZlNjc2OGI1N2JiNWY3NTAzYzE2NWMyOGRkMDdhYzViODEzNTU0ZWJjODUwZjJjYzM1ODQzZTcxMzdiMWQifV0sImlhdCI6MTU5MjI0ODAyNywiaXNzIjoiSldUU2VydmljZSIsImtleWlkIjoibXlQdWJsaWNLZXkiLCJzY29wZSI6IndyaXRlIn0.ZjtUgXC6USwmhv4XP9gFH6MzZwpZrGpAL_2sTK1P-mg"]}`,                                                                                                                                                                                                                                                                                                             // gitleaks:allow
 		`"id_token": "eyJ4NXQiOiJOVEF4Wm1NeE5ETXlaRGczTVRVMVpHTTBNekV6T0RKaFpXSTRORE5sWkRVMU9HRmtOakZpTVEiLCJraWQiOiJOVEF4Wm1NeE5ETXlaRGczTVRVMVpHTTBNekV6T0RKaFpXSTRORE5sWkRVMU9HRmtOakZpTVEiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJQb0VnWFA2dVZPNDVJc0VOUm5nRFhqNUF1NVlhIiwiYXpwIjoiUG9FZ1hQNnVWTzQ1SXNFTlJuZ0RYajVBdTVZYSIsImlzcyI6Imh0dHBzOlwvXC9sb2NhbGhvc3Q6OTQ0M1wvb2F1dGgyXC90b2tlbiIsImV4cCI6MTUzNDg5MTc3OCwiaWF0IjoxNTM0ODg4MTc4LCJqdGkiOiIxODQ0MzI5Yy1kNjVhLTQ4YTMtODIyOC05ZGY3M2ZlODNkNTYifQ.ELZ8ujk2Xp9xTGgMqnCa5ehuimaAPXWlSCW5QeBbTJIT4M5OB_2XEVIV6p89kftjUdKu50oiYe4SbfrxmLm6NGSGd2qxkjzJK3SRKqsrmVWEn19juj8fz1neKtUdXVHuSZu6ws_bMDy4f_9hN2Jv9dFnkoyeNT54r4jSTJ4A2FzN2rkiURheVVsc8qlm8O7g64Az-5h4UGryyXU4zsnjDCBKYk9jdbEpcUskrFMYhuUlj1RWSASiGhHHHDU5dTRqHkVLIItfG48k_fb-ehU60T7EFWH1JBdNjOxM9oN_yb0hGwOjLUyCUJO_Y7xcd5F4dZzrBg8LffFmvJ09wzHNtQ",`, // gitleaks:allow
 		`      # The following default key is generated by the local Supabase start and doesn't change
@@ -51,7 +51,7 @@ func JWT() *config.Rule {
 		target="_blank"
 		href="https://demo.kuboard.cn/dashboard?k8sToken=eyJhbGciOiJSUzI1NiIsImtpZCI6InZ6SzVqZFNJOXZFMmxQSkhXamNBcFY4RU9FR0RvSUR5bzJIY0NwVG1zODQifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJvYXJkLXZpZXdlci10b2tlbi0yOW40cyIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJvYXJkLXZpZXdlciIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjQzMWMwNmYyLTNiNTAtNGEyMy1hYjM1LTkyNDQwNTQ2NzFkZCIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTprdWJvYXJkLXZpZXdlciJ9.kgwTa6t00gNC0vgr6HOvCqkDghPcW-jVDg-_K6WLy97ppb9jvaqVz-AxXzF7mJqXnNetbJw-8-x_L3ogSsDlTKmRucao96VA2tPKxel8pM04J8MU0ZmYgWhTJelibbxmQK3jwGM4x32bckOOvmtumcXdsBRN0z1SZ1iu4H0VoaswhfoFS4ZJKoe61xyqoDhQx4RLCVJh_-Uctd5RCcPLWFEk-BHqC8vUTy8QcRst6RIIozQdTqsv7Xs6bH6dHrHFS--eVVTH2orQdm8znuUFhlqFOOjmCIMzIlaUQC_SO9URIGYOs0jrk27N9KC0HvQ5dLgFmwyNJ0Gu7cYi23NP1A">
 		在线演示</a></li>`, // gitleaks:allow
-		`eyJhbGciOiJSUzI1NiIsImtpZCI6IlM1WGxrRnVIclJRaEVDbmg3cndZZFVTRTFpT0lfQzZsZ2NXbHZoOS1pbVUifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLWo1a3B2Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJiZTZjZmUwZS0yYzFhLTRkNTYtYmVkMC1jYWRmYjYxNzA1N2YiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.LaBPEh6Qantd8tAc0X5DY9dDwUqZpxu38FHnp9TSJw-ghs3TsjrscFulUeEAtp2ng3ElLcU4SbNKPGJflF2dyW9Tmfn-Kt_6Jwq8HQ9GOCwAicEz0JVireHA7EWhATzuT56eO6MTe-2j5bpGnPQRJJtQ8AbtAN3nVK7RPjSzmc8Ppqx1z5i4oCGwiyRlGwqT-FkCtQLbQaQ4XmrASQoN4pJ_OBy5slztUhk32HdGP6pQx5c-nfei-of_4ij_fHrP0xEEfmVVvXqi9WKv1PLkQ3qTiSFDzv8M2sE4T6XmCGBbw7gyHzEGSpOAPZr00bX_YMCUvEF0lyP4YK696xWCBA`, // gitleaks:allow
+		`eyJhbGciOiJSUzI1NiIsImtpZCI6IlM1WGxrRnVIclJRaEVDbmg3cndZZFVTRTFpT0lfQzZsZ2NXbHZoOS1pbVUifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLWo1a3B2Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJiZTZjZmUwZS0yYzFhLTRkNTYtYmVkMC1jYWRmYjYxNzA1N2YiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.LaBPEh6Qantd8tAc0X5DY9dDwUqZpxu38FHnp9TSJw-ghs3TsjrscFulUeEAtp2ng3ElLcU4SbNKPGJflF2dyW9Tmfn-Kt_6Jwq8HQ9GOCwAicEz0JVireHA7EWhATzuT56eO6MTe-2j5bpGnPQRJJtQ8AbtAN3nVK7RPjSzmc8Ppqx1z5i4oCGwiyRlGwqT-FkCtQLbQaQ4XmrASQoN4pJ_OBy5slztUhk32HdGP6pQx5c-nfei-of_4ij_fHrP0xEEfmVVvXqi9WKv1PLkQ3qTiSFDzv8M2sE4T6XmCGBbw7gyHzEGSpOAPZr00bX_YMCUvEF0lyP4YK696xWCBA`,                                                                                                                                                              // gitleaks:allow
 		`eyJhbGciOiJSUzI1NiJ9.eyJ1c2VybmFtZSI6IlRlc3QiLCJsb2dnZWQtaW4tdXNlciI6eyJzY29wZWRQZXJtaXNzaW9uIjpbXSwicGVybWlzc2lvbnMiOlsiQS5hZG1pbl9jdXN0b21lcl9kZWxldGUiLCJBLm5vcm1hbF91c2VyX2FwcCIsIkEubm9ybWFsX3VzZXJfY29uZmlndXJhdGlvbiIsIkEubm9ybWFsX3VzZXJfd2VsY29tZV9jb250cm9scyIsIkEubm9ybWFsX3VzZXJfb3JkZXIiLCJBLm5vcm1hbF91c2VyX3NlYXJjaCIsIkEubm9ybWFsX3VzZXJfc2VhcmNoX3BjIiwiQS5ub3JtYWxfdXNlcl9zZWFyY2hfcHJpdmF0ZSIsIkEubm9ybWFsX3VzZXJfcHJpY2luZyIsIkEubm9ybWFsX3VzZXJfcHJpdmF0ZSIsIkEubm9ybWFsX3VzZXJfY29tbWVyY2lhbCIsIkEubm9ybWFsX3VzZXJfcGMiXSwibmFtZSI6WyJUZXN0Il0sIm1haWwiOlsiVGVzdEBleGFtcGxlLmNvbSJdLCJvcmdhbml6YXRpb24iOlsiWC1YeHh4eHguMTIzNCJdLCJsb2NhdGlvbiI6WyIxMjMyMSJdLCJ1bml0IjpbIjEwMyJdLCJjb3VudHJ5IjpbIkNOIl0sInVzZXJUeXBlIjoiZW1wbG95ZWUifSwiaWRlbnRpdHktaWQiOiJNb2NrIn0.EK5TbwsIgde3mT3n7NK2W7TCvpgQQLzshvPPANRQeUmKOv2AWbo_7vNEDTSkwUlaHRN3-dknv8F95p5MsGTzH6Uva8aOPJG6JdBIoYX_ud3aBN-hY1i2Xpf8pqjeINfY3_gDNAB9gdMznEej2uqhPwUXmZtcuWPdUCCeNqPJbRUAJeVXxLr_JtQzO2jmuwNY_YYp7KaEIANZwG1spvLuIGZ0HA03u8ye9c2lfqYcjgfIkjMrwgWPamR7joZOZPdQSO2EHrF7bUWMjRNY-FF5V7tOjEijkknE_nDq5THcEvx1seHYFdFNwy9LSSGGPVmZMKTKQ3UUlZZyBMXcOpOA9w`, // gitleaks:allow
 		// TODO: Detect newlines or escapes (\)?
 		// https://github.com/mongodb/mongo/blob/1960b792ade4e179ddc6113a3cd400e9492ca11d/src/mongo/crypto/README.JWT.md?plain=1#L115-L117

cmd/generate/config/rules/kraken.go

@@ -12,7 +12,7 @@ func KrakenAccessToken() *config.Rule {
 		Description: "Kraken Access Token",
 		Regex: generateSemiGenericRegex([]string{"kraken"},
 			alphaNumericExtendedLong("80,90"), true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"kraken",
 		},

cmd/generate/config/rules/kucoin.go

@@ -11,7 +11,7 @@ func KucoinAccessToken() *config.Rule {
 		RuleID:      "kucoin-access-token",
 		Description: "Kucoin Access Token",
 		Regex:       generateSemiGenericRegex([]string{"kucoin"}, hex("24"), true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"kucoin",
 		},
@@ -30,7 +30,7 @@ func KucoinSecretKey() *config.Rule {
 		RuleID:      "kucoin-secret-key",
 		Description: "Kucoin Secret Key",
 		Regex:       generateSemiGenericRegex([]string{"kucoin"}, hex8_4_4_4_12(), true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"kucoin",
 		},

cmd/generate/config/rules/launchdarkly.go

@@ -11,7 +11,7 @@ func LaunchDarklyAccessToken() *config.Rule {
 		RuleID:      "launchdarkly-access-token",
 		Description: "Launchdarkly Access Token",
 		Regex:       generateSemiGenericRegex([]string{"launchdarkly"}, alphaNumericExtended("40"), true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"launchdarkly",
 		},

cmd/generate/config/rules/linear.go

@@ -30,7 +30,6 @@ func LinearClientSecret() *config.Rule {
 		RuleID:      "linear-client-secret",
 		Regex:       generateSemiGenericRegex([]string{"linear"}, hex("32"), true),
 		Keywords:    []string{"linear"},
-		SecretGroup: 1,
 	}
 
 	// validate

cmd/generate/config/rules/linkedin.go

@@ -14,7 +14,7 @@ func LinkedinClientSecret() *config.Rule {
 			"linkedin",
 			"linked-in",
 		}, alphaNumeric("16"), true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"linkedin",
 			"linked-in",
@@ -37,7 +37,7 @@ func LinkedinClientID() *config.Rule {
 			"linkedin",
 			"linked-in",
 		}, alphaNumeric("14"), true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"linkedin",
 			"linked-in",

cmd/generate/config/rules/lob.go

@@ -11,7 +11,7 @@ func LobPubAPIToken() *config.Rule {
 		Description: "Lob Publishable API Key",
 		RuleID:      "lob-pub-api-key",
 		Regex:       generateSemiGenericRegex([]string{"lob"}, `(test|live)_pub_[a-f0-9]{31}`, true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"test_pub",
 			"live_pub",
@@ -36,7 +36,6 @@ func LobAPIToken() *config.Rule {
 			"test_",
 			"live_",
 		},
-		SecretGroup: 1,
 	}
 
 	// validate

cmd/generate/config/rules/mailchimp.go

@@ -11,7 +11,7 @@ func MailChimp() *config.Rule {
 		RuleID:      "mailchimp-api-key",
 		Description: "Mailchimp API key",
 		Regex:       generateSemiGenericRegex([]string{"mailchimp"}, `[a-f0-9]{32}-us20`, true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"mailchimp",
 		},

cmd/generate/config/rules/mailgun.go

@@ -11,7 +11,7 @@ func MailGunPrivateAPIToken() *config.Rule {
 		RuleID:      "mailgun-private-api-token",
 		Description: "Mailgun private API token",
 		Regex:       generateSemiGenericRegex([]string{"mailgun"}, `key-[a-f0-9]{32}`, true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"mailgun",
 		},
@@ -30,7 +30,7 @@ func MailGunPubAPIToken() *config.Rule {
 		RuleID:      "mailgun-pub-key",
 		Description: "Mailgun public validation key",
 		Regex:       generateSemiGenericRegex([]string{"mailgun"}, `pubkey-[a-f0-9]{32}`, true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"mailgun",
 		},
@@ -49,7 +49,7 @@ func MailGunSigningKey() *config.Rule {
 		RuleID:      "mailgun-signing-key",
 		Description: "Mailgun webhook signing key",
 		Regex:       generateSemiGenericRegex([]string{"mailgun"}, `[a-h0-9]{32}-[a-h0-9]{8}-[a-h0-9]{8}`, true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"mailgun",
 		},

cmd/generate/config/rules/mapbox.go

@@ -11,8 +11,8 @@ func MapBox() *config.Rule {
 		Description: "MapBox API token",
 		RuleID:      "mapbox-api-token",
 		Regex:       generateSemiGenericRegex([]string{"mapbox"}, `pk\.[a-z0-9]{60}\.[a-z0-9]{22}`, true),
-		SecretGroup: 1,
-		Keywords:    []string{"mapbox"},
+
+		Keywords: []string{"mapbox"},
 	}
 
 	// validate

cmd/generate/config/rules/mattermost.go

@@ -11,7 +11,7 @@ func MattermostAccessToken() *config.Rule {
 		RuleID:      "mattermost-access-token",
 		Description: "Mattermost Access Token",
 		Regex:       generateSemiGenericRegex([]string{"mattermost"}, alphaNumeric("26"), true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"mattermost",
 		},

cmd/generate/config/rules/messagebird.go

@@ -15,7 +15,7 @@ func MessageBirdAPIToken() *config.Rule {
 			"message-bird",
 			"message_bird",
 		}, alphaNumeric("25"), true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"messagebird",
 			"message-bird",
@@ -42,7 +42,7 @@ func MessageBirdClientID() *config.Rule {
 			"message-bird",
 			"message_bird",
 		}, hex8_4_4_4_12(), true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"messagebird",
 			"message-bird",

cmd/generate/config/rules/netlify.go

@@ -12,7 +12,7 @@ func NetlifyAccessToken() *config.Rule {
 		Description: "Netlify Access Token",
 		Regex: generateSemiGenericRegex([]string{"netlify"},
 			alphaNumericExtended("40,46"), true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"netlify",
 		},

cmd/generate/config/rules/newrelic.go

@@ -15,7 +15,7 @@ func NewRelicUserID() *config.Rule {
 			"newrelic",
 			"new_relic",
 		}, `NRAK-[a-z0-9]{27}`, true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"NRAK",
 		},
@@ -38,7 +38,7 @@ func NewRelicUserKey() *config.Rule {
 			"newrelic",
 			"new_relic",
 		}, alphaNumeric("64"), true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"new-relic",
 			"newrelic",
@@ -63,7 +63,7 @@ func NewRelicBrowserAPIKey() *config.Rule {
 			"newrelic",
 			"new_relic",
 		}, `NRJS-[a-f0-9]{19}`, true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"NRJS-",
 		},

cmd/generate/config/rules/npm.go

@@ -11,7 +11,7 @@ func NPM() *config.Rule {
 		RuleID:      "npm-access-token",
 		Description: "npm access token",
 		Regex:       generateUniqueTokenRegex(`npm_[a-z0-9]{36}`, true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"npm_",
 		},

cmd/generate/config/rules/nytimes.go

@@ -13,7 +13,7 @@ func NytimesAccessToken() *config.Rule {
 		Regex: generateSemiGenericRegex([]string{
 			"nytimes", "new-york-times,", "newyorktimes"},
 			alphaNumericExtended("32"), true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"nytimes",
 			"new-york-times",

cmd/generate/config/rules/okta.go

@@ -12,7 +12,7 @@ func OktaAccessToken() *config.Rule {
 		Description: "Okta Access Token",
 		Regex: generateSemiGenericRegex([]string{"okta"},
 			alphaNumericExtended("42"), true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"okta",
 		},

cmd/generate/config/rules/openai.go

@@ -11,7 +11,7 @@ func OpenAI() *config.Rule {
 		RuleID:      "openai-api-key",
 		Description: "OpenAI API Key",
 		Regex:       generateUniqueTokenRegex(`sk-[a-zA-Z0-9]{20}T3BlbkFJ[a-zA-Z0-9]{20}`, true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"T3BlbkFJ",
 		},

cmd/generate/config/rules/plaid.go

@@ -13,8 +13,8 @@ func PlaidAccessID() *config.Rule {
 		RuleID:      "plaid-client-id",
 		Description: "Plaid Client ID",
 		Regex:       generateSemiGenericRegex([]string{"plaid"}, alphaNumeric("24"), true),
-		SecretGroup: 1,
-		Entropy:     3.5,
+
+		Entropy: 3.5,
 		Keywords: []string{
 			"plaid",
 		},
@@ -33,8 +33,8 @@ func PlaidSecretKey() *config.Rule {
 		RuleID:      "plaid-secret-key",
 		Description: "Plaid Secret key",
 		Regex:       generateSemiGenericRegex([]string{"plaid"}, alphaNumeric("30"), true),
-		SecretGroup: 1,
-		Entropy:     3.5,
+
+		Entropy: 3.5,
 		Keywords: []string{
 			"plaid",
 		},
@@ -54,7 +54,7 @@ func PlaidAccessToken() *config.Rule {
 		Description: "Plaid API Token",
 		Regex: generateSemiGenericRegex([]string{"plaid"},
 			fmt.Sprintf("access-(?:sandbox|development|production)-%s", hex8_4_4_4_12()), true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"plaid",
 		},

cmd/generate/config/rules/planetscale.go

@@ -11,7 +11,7 @@ func PlanetScalePassword() *config.Rule {
 		RuleID:      "planetscale-password",
 		Description: "PlanetScale password",
 		Regex:       generateUniqueTokenRegex(`pscale_pw_(?i)[a-z0-9=\-_\.]{32,64}`, true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"pscale_pw_",
 		},
@@ -32,7 +32,7 @@ func PlanetScaleAPIToken() *config.Rule {
 		RuleID:      "planetscale-api-token",
 		Description: "PlanetScale API token",
 		Regex:       generateUniqueTokenRegex(`pscale_tkn_(?i)[a-z0-9=\-_\.]{32,64}`, true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"pscale_tkn_",
 		},
@@ -53,7 +53,7 @@ func PlanetScaleOAuthToken() *config.Rule {
 		RuleID:      "planetscale-oauth-token",
 		Description: "PlanetScale OAuth token",
 		Regex:       generateUniqueTokenRegex(`pscale_oauth_(?i)[a-z0-9=\-_\.]{32,64}`, true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"pscale_oauth_",
 		},

cmd/generate/config/rules/postman.go

@@ -11,7 +11,7 @@ func PostManAPI() *config.Rule {
 		RuleID:      "postman-api-token",
 		Description: "Postman API token",
 		Regex:       generateUniqueTokenRegex(`PMAK-(?i)[a-f0-9]{24}\-[a-f0-9]{34}`, true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"PMAK-",
 		},

cmd/generate/config/rules/prefect.go

@@ -11,7 +11,7 @@ func Prefect() *config.Rule {
 		RuleID:      "prefect-api-token",
 		Description: "Prefect API token",
 		Regex:       generateUniqueTokenRegex(`pnu_[a-z0-9]{36}`, true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"pnu_",
 		},

cmd/generate/config/rules/pulumi.go

@@ -11,7 +11,7 @@ func PulumiAPIToken() *config.Rule {
 		RuleID:      "pulumi-api-token",
 		Description: "Pulumi API token",
 		Regex:       generateUniqueTokenRegex(`pul-[a-f0-9]{40}`, true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"pul-",
 		},

cmd/generate/config/rules/rapidapi.go

@@ -12,7 +12,7 @@ func RapidAPIAccessToken() *config.Rule {
 		Description: "RapidAPI Access Token",
 		Regex: generateSemiGenericRegex([]string{"rapidapi"},
 			alphaNumericExtendedShort("50"), true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"rapidapi",
 		},

cmd/generate/config/rules/readme.go

@@ -11,7 +11,7 @@ func ReadMe() *config.Rule {
 		RuleID:      "readme-api-token",
 		Description: "Readme API token",
 		Regex:       generateUniqueTokenRegex(`rdme_[a-z0-9]{70}`, true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"rdme_",
 		},

cmd/generate/config/rules/rubygems.go

@@ -11,7 +11,7 @@ func RubyGemsAPIToken() *config.Rule {
 		RuleID:      "rubygems-api-token",
 		Description: "Rubygem API token",
 		Regex:       generateUniqueTokenRegex(`rubygems_[a-f0-9]{48}`, true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"rubygems_",
 		},

cmd/generate/config/rules/sendbird.go

@@ -11,7 +11,7 @@ func SendbirdAccessToken() *config.Rule {
 		RuleID:      "sendbird-access-token",
 		Description: "Sendbird Access Token",
 		Regex:       generateSemiGenericRegex([]string{"sendbird"}, hex("40"), true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"sendbird",
 		},
@@ -30,7 +30,7 @@ func SendbirdAccessID() *config.Rule {
 		RuleID:      "sendbird-access-id",
 		Description: "Sendbird Access ID",
 		Regex:       generateSemiGenericRegex([]string{"sendbird"}, hex8_4_4_4_12(), true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"sendbird",
 		},

cmd/generate/config/rules/sendgrid.go

@@ -11,7 +11,7 @@ func SendGridAPIToken() *config.Rule {
 		RuleID:      "sendgrid-api-token",
 		Description: "SendGrid API token",
 		Regex:       generateUniqueTokenRegex(`SG\.(?i)[a-z0-9=_\-\.]{66}`, true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"SG.",
 		},

cmd/generate/config/rules/sendinblue.go

@@ -11,7 +11,7 @@ func SendInBlueAPIToken() *config.Rule {
 		RuleID:      "sendinblue-api-token",
 		Description: "Sendinblue API token",
 		Regex:       generateUniqueTokenRegex(`xkeysib-[a-f0-9]{64}\-(?i)[a-z0-9]{16}`, true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"xkeysib-",
 		},

cmd/generate/config/rules/sentry.go

@@ -11,7 +11,7 @@ func SentryAccessToken() *config.Rule {
 		RuleID:      "sentry-access-token",
 		Description: "Sentry Access Token",
 		Regex:       generateSemiGenericRegex([]string{"sentry"}, hex("64"), true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"sentry",
 		},

cmd/generate/config/rules/shippo.go

@@ -11,7 +11,7 @@ func ShippoAPIToken() *config.Rule {
 		RuleID:      "shippo-api-token",
 		Description: "Shippo API token",
 		Regex:       generateUniqueTokenRegex(`shippo_(live|test)_[a-f0-9]{40}`, true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"shippo_",
 		},

cmd/generate/config/rules/sidekiq.go

@@ -11,7 +11,7 @@ func SidekiqSecret() *config.Rule {
 	r := config.Rule{
 		Description: "Sidekiq Secret",
 		RuleID:      "sidekiq-secret",
-		SecretGroup: 1,
+
 		Regex: generateSemiGenericRegex([]string{"BUNDLE_ENTERPRISE__CONTRIBSYS__COM", "BUNDLE_GEMS__CONTRIBSYS__COM"},
 			`[a-f0-9]{8}:[a-f0-9]{8}`, true),
 		Keywords: []string{"BUNDLE_ENTERPRISE__CONTRIBSYS__COM", "BUNDLE_GEMS__CONTRIBSYS__COM"},

cmd/generate/config/rules/snyk.go

@@ -18,9 +18,9 @@ func Snyk() *config.Rule {
 	r := config.Rule{
 		Description: "Snyk API token",
 		RuleID:      "snyk-api-token",
-		SecretGroup: 1,
-		Regex:       generateSemiGenericRegex(keywords, hex8_4_4_4_12(), true),
-		Keywords:    keywords,
+
+		Regex:    generateSemiGenericRegex(keywords, hex8_4_4_4_12(), true),
+		Keywords: keywords,
 	}
 
 	// validate

cmd/generate/config/rules/squarespace.go

@@ -11,7 +11,7 @@ func SquareSpaceAccessToken() *config.Rule {
 		RuleID:      "squarespace-access-token",
 		Description: "Squarespace Access Token",
 		Regex:       generateSemiGenericRegex([]string{"squarespace"}, hex8_4_4_4_12(), true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"squarespace",
 		},

cmd/generate/config/rules/sumologic.go

@@ -15,8 +15,8 @@ func SumoLogicAccessID() *config.Rule {
 		// TODO: Make 'su' case-sensitive.
 		Regex: generateSemiGenericRegex([]string{"sumo"},
 			"su[a-zA-Z0-9]{12}", false),
-		SecretGroup: 1,
-		Entropy:     3,
+
+		Entropy: 3,
 		Keywords: []string{
 			"sumo",
 		},
@@ -57,8 +57,8 @@ func SumoLogicAccessToken() *config.Rule {
 		Description: "SumoLogic Access Token",
 		Regex: generateSemiGenericRegex([]string{"sumo"},
 			alphaNumeric("64"), true),
-		SecretGroup: 1,
-		Entropy:     3,
+
+		Entropy: 3,
 		Keywords: []string{
 			"sumo",
 		},

cmd/generate/config/rules/telegram.go

@@ -12,8 +12,8 @@ func TelegramBotToken() *config.Rule {
 	r := config.Rule{
 		Description: "Telegram Bot API Token",
 		RuleID:      "telegram-bot-api-token",
-		SecretGroup: 1,
-		Regex:       regexp.MustCompile(`(?i)(?:^|[^0-9])([0-9]{5,16}:A[a-zA-Z0-9_\-]{34})(?:$|[^a-zA-Z0-9_\-])`),
+
+		Regex: regexp.MustCompile(`(?i)(?:^|[^0-9])([0-9]{5,16}:A[a-zA-Z0-9_\-]{34})(?:$|[^a-zA-Z0-9_\-])`),
 		Keywords: []string{
 			"telegram",
 			"api",

cmd/generate/config/rules/travisci.go

@@ -11,7 +11,7 @@ func TravisCIAccessToken() *config.Rule {
 		RuleID:      "travisci-access-token",
 		Description: "Travis CI Access Token",
 		Regex:       generateSemiGenericRegex([]string{"travis"}, alphaNumeric("22"), true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"travis",
 		},

cmd/generate/config/rules/trello.go

@@ -11,7 +11,7 @@ func TrelloAccessToken() *config.Rule {
 		RuleID:      "trello-access-token",
 		Description: "Trello Access Token",
 		Regex:       generateSemiGenericRegex([]string{"trello"}, `[a-zA-Z-0-9]{32}`, true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"trello",
 		},

cmd/generate/config/rules/twitch.go

@@ -11,7 +11,6 @@ func TwitchAPIToken() *config.Rule {
 		RuleID:      "twitch-api-token",
 		Description: "Twitch API token",
 		Regex:       generateSemiGenericRegex([]string{"twitch"}, alphaNumeric("30"), true),
-		SecretGroup: 1,
 		Keywords: []string{
 			"twitch",
 		},

cmd/generate/config/rules/twitter.go

@@ -11,7 +11,6 @@ func TwitterAPIKey() *config.Rule {
 		Description: "Twitter API Key",
 		RuleID:      "twitter-api-key",
 		Regex:       generateSemiGenericRegex([]string{"twitter"}, alphaNumeric("25"), true),
-		SecretGroup: 1,
 		Keywords:    []string{"twitter"},
 	}
 
@@ -28,7 +27,6 @@ func TwitterAPISecret() *config.Rule {
 		Description: "Twitter API Secret",
 		RuleID:      "twitter-api-secret",
 		Regex:       generateSemiGenericRegex([]string{"twitter"}, alphaNumeric("50"), true),
-		SecretGroup: 1,
 		Keywords:    []string{"twitter"},
 	}
 
@@ -45,8 +43,8 @@ func TwitterBearerToken() *config.Rule {
 		Description: "Twitter Bearer Token",
 		RuleID:      "twitter-bearer-token",
 		Regex:       generateSemiGenericRegex([]string{"twitter"}, "A{22}[a-zA-Z0-9%]{80,100}", true),
-		SecretGroup: 1,
-		Keywords:    []string{"twitter"},
+
+		Keywords: []string{"twitter"},
 	}
 
 	// validate
@@ -62,7 +60,6 @@ func TwitterAccessToken() *config.Rule {
 		Description: "Twitter Access Token",
 		RuleID:      "twitter-access-token",
 		Regex:       generateSemiGenericRegex([]string{"twitter"}, "[0-9]{15,25}-[a-zA-Z0-9]{20,40}", true),
-		SecretGroup: 1,
 		Keywords:    []string{"twitter"},
 	}
 
@@ -79,7 +76,6 @@ func TwitterAccessSecret() *config.Rule {
 		Description: "Twitter Access Secret",
 		RuleID:      "twitter-access-secret",
 		Regex:       generateSemiGenericRegex([]string{"twitter"}, alphaNumeric("45"), true),
-		SecretGroup: 1,
 		Keywords:    []string{"twitter"},
 	}
 

cmd/generate/config/rules/typeform.go

@@ -12,7 +12,6 @@ func Typeform() *config.Rule {
 		Description: "Typeform API token",
 		Regex: generateSemiGenericRegex([]string{"typeform"},
 			`tfp_[a-z0-9\-_\.=]{59}`, true),
-		SecretGroup: 1,
 		Keywords: []string{
 			"tfp_",
 		},

cmd/generate/config/rules/yandex.go

@@ -12,7 +12,6 @@ func YandexAWSAccessToken() *config.Rule {
 		Description: "Yandex AWS Access Token",
 		Regex: generateSemiGenericRegex([]string{"yandex"},
 			`YC[a-zA-Z0-9_\-]{38}`, true),
-		SecretGroup: 1,
 		Keywords: []string{
 			"yandex",
 		},
@@ -33,7 +32,7 @@ func YandexAPIKey() *config.Rule {
 		Description: "Yandex API Key",
 		Regex: generateSemiGenericRegex([]string{"yandex"},
 			`AQVN[A-Za-z0-9_\-]{35,38}`, true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"yandex",
 		},
@@ -54,7 +53,7 @@ func YandexAccessToken() *config.Rule {
 		Description: "Yandex Access Token",
 		Regex: generateSemiGenericRegex([]string{"yandex"},
 			`t1\.[A-Z0-9a-z_-]+[=]{0,2}\.[A-Z0-9a-z_-]{86}[=]{0,2}`, true),
-		SecretGroup: 1,
+
 		Keywords: []string{
 			"yandex",
 		},

cmd/generate/config/rules/zendesk.go

@@ -11,7 +11,6 @@ func ZendeskSecretKey() *config.Rule {
 		RuleID:      "zendesk-secret-key",
 		Description: "Zendesk Secret Key",
 		Regex:       generateSemiGenericRegex([]string{"zendesk"}, alphaNumeric("40"), true),
-		SecretGroup: 1,
 		Keywords: []string{
 			"zendesk",
 		},

config/config_test.go

@@ -23,7 +23,7 @@ func TestTranslate(t *testing.T) {
 			cfg: Config{
 				Rules: map[string]Rule{"aws-access-key": {
 					Description: "AWS Access Key",
-					Regex:       regexp.MustCompile("(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}"),
+					Regex:       regexp.MustCompile("(?:A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}"),
 					Tags:        []string{"key", "AWS"},
 					Keywords:    []string{},
 					RuleID:      "aws-access-key",
@@ -41,7 +41,7 @@ func TestTranslate(t *testing.T) {
 			cfg: Config{
 				Rules: map[string]Rule{"aws-access-key": {
 					Description: "AWS Access Key",
-					Regex:       regexp.MustCompile("(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}"),
+					Regex:       regexp.MustCompile("(?:A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}"),
 					Tags:        []string{"key", "AWS"},
 					Keywords:    []string{},
 					RuleID:      "aws-access-key",
@@ -57,7 +57,7 @@ func TestTranslate(t *testing.T) {
 			cfg: Config{
 				Rules: map[string]Rule{"aws-access-key": {
 					Description: "AWS Access Key",
-					Regex:       regexp.MustCompile("(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}"),
+					Regex:       regexp.MustCompile("(?:A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}"),
 					Tags:        []string{"key", "AWS"},
 					Keywords:    []string{},
 					RuleID:      "aws-access-key",
@@ -97,7 +97,7 @@ func TestTranslate(t *testing.T) {
 				Rules: map[string]Rule{
 					"aws-access-key": {
 						Description: "AWS Access Key",
-						Regex:       regexp.MustCompile("(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}"),
+						Regex:       regexp.MustCompile("(?:A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}"),
 						Tags:        []string{"key", "AWS"},
 						Keywords:    []string{},
 						RuleID:      "aws-access-key",

config/gitleaks.toml

@@ -29,7 +29,6 @@ paths = [
 id = "adafruit-api-key"
 description = "Adafruit API Key"
 regex = '''(?i)(?:adafruit)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "adafruit",
 ]
@@ -38,7 +37,6 @@ keywords = [
 id = "adobe-client-id"
 description = "Adobe Client ID (OAuth Web)"
 regex = '''(?i)(?:adobe)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "adobe",
 ]
@@ -63,7 +61,6 @@ keywords = [
 id = "airtable-api-key"
 description = "Airtable API Key"
 regex = '''(?i)(?:airtable)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{17})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "airtable",
 ]
@@ -88,7 +85,6 @@ keywords = [
 id = "alibaba-secret-key"
 description = "Alibaba Secret Key"
 regex = '''(?i)(?:alibaba)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{30})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "alibaba",
 ]
@@ -97,7 +93,6 @@ keywords = [
 id = "asana-client-id"
 description = "Asana Client ID"
 regex = '''(?i)(?:asana)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "asana",
 ]
@@ -106,7 +101,6 @@ keywords = [
 id = "asana-client-secret"
 description = "Asana Client Secret"
 regex = '''(?i)(?:asana)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "asana",
 ]
@@ -115,7 +109,6 @@ keywords = [
 id = "atlassian-api-token"
 description = "Atlassian API token"
 regex = '''(?i)(?:atlassian|confluence|jira)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "atlassian","confluence","jira",
 ]
@@ -124,7 +117,6 @@ keywords = [
 id = "authress-service-client-access-key"
 description = "Authress Service Client Access Key"
 regex = '''(?i)\b((?:sc|ext|scauth|authress)_[a-z0-9]{5,30}\.[a-z0-9]{4,6}\.acc[_-][a-z0-9-]{10,32}\.[a-z0-9+/_=-]{30,120})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "sc_","ext_","scauth_","authress_",
 ]
@@ -132,7 +124,7 @@ keywords = [
 [[rules]]
 id = "aws-access-token"
 description = "AWS"
-regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
+regex = '''(?:A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
 keywords = [
     "akia","agpa","aida","aroa","aipa","anpa","anva","asia",
 ]
@@ -141,7 +133,6 @@ keywords = [
 id = "beamer-api-token"
 description = "Beamer API token"
 regex = '''(?i)(?:beamer)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(b_[a-z0-9=_\-]{44})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "beamer",
 ]
@@ -150,7 +141,6 @@ keywords = [
 id = "bitbucket-client-id"
 description = "Bitbucket Client ID"
 regex = '''(?i)(?:bitbucket)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "bitbucket",
 ]
@@ -159,7 +149,6 @@ keywords = [
 id = "bitbucket-client-secret"
 description = "Bitbucket Client Secret"
 regex = '''(?i)(?:bitbucket)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "bitbucket",
 ]
@@ -168,7 +157,6 @@ keywords = [
 id = "bittrex-access-key"
 description = "Bittrex Access Key"
 regex = '''(?i)(?:bittrex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "bittrex",
 ]
@@ -177,7 +165,6 @@ keywords = [
 id = "bittrex-secret-key"
 description = "Bittrex Secret Key"
 regex = '''(?i)(?:bittrex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "bittrex",
 ]
@@ -194,7 +181,6 @@ keywords = [
 id = "codecov-access-token"
 description = "Codecov Access Token"
 regex = '''(?i)(?:codecov)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "codecov",
 ]
@@ -203,7 +189,6 @@ keywords = [
 id = "coinbase-access-token"
 description = "Coinbase Access Token"
 regex = '''(?i)(?:coinbase)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "coinbase",
 ]
@@ -212,7 +197,6 @@ keywords = [
 id = "confluent-access-token"
 description = "Confluent Access Token"
 regex = '''(?i)(?:confluent)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "confluent",
 ]
@@ -221,7 +205,6 @@ keywords = [
 id = "confluent-secret-key"
 description = "Confluent Secret Key"
 regex = '''(?i)(?:confluent)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "confluent",
 ]
@@ -230,7 +213,6 @@ keywords = [
 id = "contentful-delivery-api-token"
 description = "Contentful delivery API token"
 regex = '''(?i)(?:contentful)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{43})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "contentful",
 ]
@@ -247,7 +229,6 @@ keywords = [
 id = "datadog-access-token"
 description = "Datadog Access Token"
 regex = '''(?i)(?:datadog)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "datadog",
 ]
@@ -256,7 +237,6 @@ keywords = [
 id = "defined-networking-api-token"
 description = "Defined Networking API token"
 regex = '''(?i)(?:dnkey)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(dnkey-[a-z0-9=_\-]{26}-[a-z0-9=_\-]{52})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "dnkey",
 ]
@@ -265,7 +245,6 @@ keywords = [
 id = "digitalocean-access-token"
 description = "DigitalOcean OAuth Access Token"
 regex = '''(?i)\b(doo_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "doo_v1_",
 ]
@@ -274,7 +253,6 @@ keywords = [
 id = "digitalocean-pat"
 description = "DigitalOcean Personal Access Token"
 regex = '''(?i)\b(dop_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "dop_v1_",
 ]
@@ -283,7 +261,6 @@ keywords = [
 id = "digitalocean-refresh-token"
 description = "DigitalOcean OAuth Refresh Token"
 regex = '''(?i)\b(dor_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "dor_v1_",
 ]
@@ -292,7 +269,6 @@ keywords = [
 id = "discord-api-token"
 description = "Discord API key"
 regex = '''(?i)(?:discord)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "discord",
 ]
@@ -301,7 +277,6 @@ keywords = [
 id = "discord-client-id"
 description = "Discord client ID"
 regex = '''(?i)(?:discord)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9]{18})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "discord",
 ]
@@ -310,7 +285,6 @@ keywords = [
 id = "discord-client-secret"
 description = "Discord client secret"
 regex = '''(?i)(?:discord)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "discord",
 ]
@@ -327,7 +301,6 @@ keywords = [
 id = "droneci-access-token"
 description = "Droneci Access Token"
 regex = '''(?i)(?:droneci)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "droneci",
 ]
@@ -336,7 +309,6 @@ keywords = [
 id = "dropbox-api-token"
 description = "Dropbox API secret"
 regex = '''(?i)(?:dropbox)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{15})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "dropbox",
 ]
@@ -393,7 +365,6 @@ keywords = [
 id = "etsy-access-token"
 description = "Etsy Access Token"
 regex = '''(?i)(?:etsy)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "etsy",
 ]
@@ -402,7 +373,6 @@ keywords = [
 id = "facebook"
 description = "Facebook Access Token"
 regex = '''(?i)(?:facebook)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "facebook",
 ]
@@ -411,7 +381,6 @@ keywords = [
 id = "fastly-api-token"
 description = "Fastly API key"
 regex = '''(?i)(?:fastly)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "fastly",
 ]
@@ -420,7 +389,6 @@ keywords = [
 id = "finicity-api-token"
 description = "Finicity API token"
 regex = '''(?i)(?:finicity)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "finicity",
 ]
@@ -429,7 +397,6 @@ keywords = [
 id = "finicity-client-secret"
 description = "Finicity Client Secret"
 regex = '''(?i)(?:finicity)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "finicity",
 ]
@@ -438,7 +405,6 @@ keywords = [
 id = "finnhub-access-token"
 description = "Finnhub Access Token"
 regex = '''(?i)(?:finnhub)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "finnhub",
 ]
@@ -447,7 +413,6 @@ keywords = [
 id = "flickr-access-token"
 description = "Flickr Access Token"
 regex = '''(?i)(?:flickr)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "flickr",
 ]
@@ -488,7 +453,6 @@ keywords = [
 id = "freshbooks-access-token"
 description = "Freshbooks Access Token"
 regex = '''(?i)(?:freshbooks)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "freshbooks",
 ]
@@ -497,7 +461,6 @@ keywords = [
 id = "gcp-api-key"
 description = "GCP API key"
 regex = '''(?i)\b(AIza[0-9A-Za-z\\-_]{35})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "aiza",
 ]
@@ -506,7 +469,6 @@ keywords = [
 id = "generic-api-key"
 description = "Generic API Key"
 regex = '''(?i)(?:key|api|token|secret|client|passwd|password|auth|access)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-z\-_.=]{10,150})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 entropy = 3.5
 keywords = [
     "key","api","token","secret","client","passwd","password","auth","access",
@@ -2058,7 +2020,6 @@ keywords = [
 id = "gitter-access-token"
 description = "Gitter Access Token"
 regex = '''(?i)(?:gitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "gitter",
 ]
@@ -2067,7 +2028,6 @@ keywords = [
 id = "gocardless-api-token"
 description = "GoCardless API token"
 regex = '''(?i)(?:gocardless)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(live_(?i)[a-z0-9\-_=]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "live_","gocardless",
 ]
@@ -2076,7 +2036,6 @@ keywords = [
 id = "grafana-api-key"
 description = "Grafana api key (or Grafana cloud api key)"
 regex = '''(?i)\b(eyJrIjoi[A-Za-z0-9]{70,400}={0,2})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "eyjrijoi",
 ]
@@ -2085,7 +2044,6 @@ keywords = [
 id = "grafana-cloud-api-token"
 description = "Grafana cloud api token"
 regex = '''(?i)\b(glc_[A-Za-z0-9+/]{32,400}={0,2})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "glc_",
 ]
@@ -2094,7 +2052,6 @@ keywords = [
 id = "grafana-service-account-token"
 description = "Grafana service account token"
 regex = '''(?i)\b(glsa_[A-Za-z0-9]{32}_[A-Fa-f0-9]{8})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "glsa_",
 ]
@@ -2119,7 +2076,6 @@ keywords = [
 id = "heroku-api-key"
 description = "Heroku API Key"
 regex = '''(?i)(?:heroku)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "heroku",
 ]
@@ -2128,7 +2084,6 @@ keywords = [
 id = "hubspot-api-key"
 description = "HubSpot API Token"
 regex = '''(?i)(?:hubspot)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "hubspot",
 ]
@@ -2137,7 +2092,6 @@ keywords = [
 id = "huggingface-access-token"
 description = "Hugging Face Access token"
 regex = '''(?:^|[\\'"` >=:])(hf_[a-zA-Z]{34})(?:$|[\\'"` <])'''
-secretGroup = 1
 entropy = 1
 keywords = [
     "hf_",
@@ -2147,7 +2101,6 @@ keywords = [
 id = "huggingface-organization-api-token"
 description = "Hugging Face Organization API token"
 regex = '''(?:^|[\\'"` >=:\(,)])(api_org_[a-zA-Z]{34})(?:$|[\\'"` <\),])'''
-secretGroup = 1
 entropy = 2
 keywords = [
     "api_org_",
@@ -2157,7 +2110,6 @@ keywords = [
 id = "infracost-api-token"
 description = "Infracost API Token"
 regex = '''(?i)\b(ico-[a-zA-Z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "ico-",
 ]
@@ -2166,7 +2118,6 @@ keywords = [
 id = "intercom-api-key"
 description = "Intercom API Token"
 regex = '''(?i)(?:intercom)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{60})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "intercom",
 ]
@@ -2175,7 +2126,6 @@ keywords = [
 id = "jfrog-api-key"
 description = "JFrog API Key"
 regex = '''(?i)(?:jfrog|artifactory|bintray|xray)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{73})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "jfrog","artifactory","bintray","xray",
 ]
@@ -2184,7 +2134,6 @@ keywords = [
 id = "jfrog-identity-token"
 description = "JFrog Identity Token"
 regex = '''(?i)(?:jfrog|artifactory|bintray|xray)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "jfrog","artifactory","bintray","xray",
 ]
@@ -2209,7 +2158,6 @@ keywords = [
 id = "kraken-access-token"
 description = "Kraken Access Token"
 regex = '''(?i)(?:kraken)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9\/=_\+\-]{80,90})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "kraken",
 ]
@@ -2218,7 +2166,6 @@ keywords = [
 id = "kucoin-access-token"
 description = "Kucoin Access Token"
 regex = '''(?i)(?:kucoin)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "kucoin",
 ]
@@ -2227,7 +2174,6 @@ keywords = [
 id = "kucoin-secret-key"
 description = "Kucoin Secret Key"
 regex = '''(?i)(?:kucoin)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "kucoin",
 ]
@@ -2236,7 +2182,6 @@ keywords = [
 id = "launchdarkly-access-token"
 description = "Launchdarkly Access Token"
 regex = '''(?i)(?:launchdarkly)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "launchdarkly",
 ]
@@ -2253,7 +2198,6 @@ keywords = [
 id = "linear-client-secret"
 description = "Linear Client Secret"
 regex = '''(?i)(?:linear)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "linear",
 ]
@@ -2262,7 +2206,6 @@ keywords = [
 id = "linkedin-client-id"
 description = "LinkedIn Client ID"
 regex = '''(?i)(?:linkedin|linked-in)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{14})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "linkedin","linked-in",
 ]
@@ -2271,7 +2214,6 @@ keywords = [
 id = "linkedin-client-secret"
 description = "LinkedIn Client secret"
 regex = '''(?i)(?:linkedin|linked-in)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "linkedin","linked-in",
 ]
@@ -2280,7 +2222,6 @@ keywords = [
 id = "lob-api-key"
 description = "Lob API Key"
 regex = '''(?i)(?:lob)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}((live|test)_[a-f0-9]{35})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "test_","live_",
 ]
@@ -2289,7 +2230,6 @@ keywords = [
 id = "lob-pub-api-key"
 description = "Lob Publishable API Key"
 regex = '''(?i)(?:lob)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}((test|live)_pub_[a-f0-9]{31})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "test_pub","live_pub","_pub",
 ]
@@ -2298,7 +2238,6 @@ keywords = [
 id = "mailchimp-api-key"
 description = "Mailchimp API key"
 regex = '''(?i)(?:mailchimp)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32}-us20)(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "mailchimp",
 ]
@@ -2307,7 +2246,6 @@ keywords = [
 id = "mailgun-private-api-token"
 description = "Mailgun private API token"
 regex = '''(?i)(?:mailgun)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(key-[a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "mailgun",
 ]
@@ -2316,7 +2254,6 @@ keywords = [
 id = "mailgun-pub-key"
 description = "Mailgun public validation key"
 regex = '''(?i)(?:mailgun)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(pubkey-[a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "mailgun",
 ]
@@ -2325,7 +2262,6 @@ keywords = [
 id = "mailgun-signing-key"
 description = "Mailgun webhook signing key"
 regex = '''(?i)(?:mailgun)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-h0-9]{32}-[a-h0-9]{8}-[a-h0-9]{8})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "mailgun",
 ]
@@ -2334,7 +2270,6 @@ keywords = [
 id = "mapbox-api-token"
 description = "MapBox API token"
 regex = '''(?i)(?:mapbox)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(pk\.[a-z0-9]{60}\.[a-z0-9]{22})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "mapbox",
 ]
@@ -2343,7 +2278,6 @@ keywords = [
 id = "mattermost-access-token"
 description = "Mattermost Access Token"
 regex = '''(?i)(?:mattermost)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{26})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "mattermost",
 ]
@@ -2352,7 +2286,6 @@ keywords = [
 id = "messagebird-api-token"
 description = "MessageBird API token"
 regex = '''(?i)(?:messagebird|message-bird|message_bird)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{25})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "messagebird","message-bird","message_bird",
 ]
@@ -2361,7 +2294,6 @@ keywords = [
 id = "messagebird-client-id"
 description = "MessageBird client ID"
 regex = '''(?i)(?:messagebird|message-bird|message_bird)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "messagebird","message-bird","message_bird",
 ]
@@ -2378,7 +2310,6 @@ keywords = [
 id = "netlify-access-token"
 description = "Netlify Access Token"
 regex = '''(?i)(?:netlify)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{40,46})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "netlify",
 ]
@@ -2387,7 +2318,6 @@ keywords = [
 id = "new-relic-browser-api-token"
 description = "New Relic ingest browser API token"
 regex = '''(?i)(?:new-relic|newrelic|new_relic)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(NRJS-[a-f0-9]{19})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "nrjs-",
 ]
@@ -2396,7 +2326,6 @@ keywords = [
 id = "new-relic-user-api-id"
 description = "New Relic user API ID"
 regex = '''(?i)(?:new-relic|newrelic|new_relic)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "new-relic","newrelic","new_relic",
 ]
@@ -2405,7 +2334,6 @@ keywords = [
 id = "new-relic-user-api-key"
 description = "New Relic user API Key"
 regex = '''(?i)(?:new-relic|newrelic|new_relic)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(NRAK-[a-z0-9]{27})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "nrak",
 ]
@@ -2414,7 +2342,6 @@ keywords = [
 id = "npm-access-token"
 description = "npm access token"
 regex = '''(?i)\b(npm_[a-z0-9]{36})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "npm_",
 ]
@@ -2423,7 +2350,6 @@ keywords = [
 id = "nytimes-access-token"
 description = "Nytimes Access Token"
 regex = '''(?i)(?:nytimes|new-york-times,|newyorktimes)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "nytimes","new-york-times","newyorktimes",
 ]
@@ -2432,7 +2358,6 @@ keywords = [
 id = "okta-access-token"
 description = "Okta Access Token"
 regex = '''(?i)(?:okta)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{42})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "okta",
 ]
@@ -2441,7 +2366,6 @@ keywords = [
 id = "openai-api-key"
 description = "OpenAI API Key"
 regex = '''(?i)\b(sk-[a-zA-Z0-9]{20}T3BlbkFJ[a-zA-Z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "t3blbkfj",
 ]
@@ -2450,7 +2374,6 @@ keywords = [
 id = "plaid-api-token"
 description = "Plaid API Token"
 regex = '''(?i)(?:plaid)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(access-(?:sandbox|development|production)-[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "plaid",
 ]
@@ -2459,7 +2382,6 @@ keywords = [
 id = "plaid-client-id"
 description = "Plaid Client ID"
 regex = '''(?i)(?:plaid)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 entropy = 3.5
 keywords = [
     "plaid",
@@ -2469,7 +2391,6 @@ keywords = [
 id = "plaid-secret-key"
 description = "Plaid Secret key"
 regex = '''(?i)(?:plaid)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{30})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 entropy = 3.5
 keywords = [
     "plaid",
@@ -2479,7 +2400,6 @@ keywords = [
 id = "planetscale-api-token"
 description = "PlanetScale API token"
 regex = '''(?i)\b(pscale_tkn_(?i)[a-z0-9=\-_\.]{32,64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "pscale_tkn_",
 ]
@@ -2488,7 +2408,6 @@ keywords = [
 id = "planetscale-oauth-token"
 description = "PlanetScale OAuth token"
 regex = '''(?i)\b(pscale_oauth_(?i)[a-z0-9=\-_\.]{32,64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "pscale_oauth_",
 ]
@@ -2497,7 +2416,6 @@ keywords = [
 id = "planetscale-password"
 description = "PlanetScale password"
 regex = '''(?i)\b(pscale_pw_(?i)[a-z0-9=\-_\.]{32,64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "pscale_pw_",
 ]
@@ -2506,7 +2424,6 @@ keywords = [
 id = "postman-api-token"
 description = "Postman API token"
 regex = '''(?i)\b(PMAK-(?i)[a-f0-9]{24}\-[a-f0-9]{34})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "pmak-",
 ]
@@ -2515,7 +2432,6 @@ keywords = [
 id = "prefect-api-token"
 description = "Prefect API token"
 regex = '''(?i)\b(pnu_[a-z0-9]{36})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "pnu_",
 ]
@@ -2532,7 +2448,6 @@ keywords = [
 id = "pulumi-api-token"
 description = "Pulumi API token"
 regex = '''(?i)\b(pul-[a-f0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "pul-",
 ]
@@ -2549,7 +2464,6 @@ keywords = [
 id = "rapidapi-access-token"
 description = "RapidAPI Access Token"
 regex = '''(?i)(?:rapidapi)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{50})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "rapidapi",
 ]
@@ -2558,7 +2472,6 @@ keywords = [
 id = "readme-api-token"
 description = "Readme API token"
 regex = '''(?i)\b(rdme_[a-z0-9]{70})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "rdme_",
 ]
@@ -2567,7 +2480,6 @@ keywords = [
 id = "rubygems-api-token"
 description = "Rubygem API token"
 regex = '''(?i)\b(rubygems_[a-f0-9]{48})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "rubygems_",
 ]
@@ -2584,7 +2496,6 @@ keywords = [
 id = "sendbird-access-id"
 description = "Sendbird Access ID"
 regex = '''(?i)(?:sendbird)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "sendbird",
 ]
@@ -2593,7 +2504,6 @@ keywords = [
 id = "sendbird-access-token"
 description = "Sendbird Access Token"
 regex = '''(?i)(?:sendbird)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "sendbird",
 ]
@@ -2602,7 +2512,6 @@ keywords = [
 id = "sendgrid-api-token"
 description = "SendGrid API token"
 regex = '''(?i)\b(SG\.(?i)[a-z0-9=_\-\.]{66})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "sg.",
 ]
@@ -2611,7 +2520,6 @@ keywords = [
 id = "sendinblue-api-token"
 description = "Sendinblue API token"
 regex = '''(?i)\b(xkeysib-[a-f0-9]{64}\-(?i)[a-z0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "xkeysib-",
 ]
@@ -2620,7 +2528,6 @@ keywords = [
 id = "sentry-access-token"
 description = "Sentry Access Token"
 regex = '''(?i)(?:sentry)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "sentry",
 ]
@@ -2629,7 +2536,6 @@ keywords = [
 id = "shippo-api-token"
 description = "Shippo API token"
 regex = '''(?i)\b(shippo_(live|test)_[a-f0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "shippo_",
 ]
@@ -2670,7 +2576,6 @@ keywords = [
 id = "sidekiq-secret"
 description = "Sidekiq Secret"
 regex = '''(?i)(?:BUNDLE_ENTERPRISE__CONTRIBSYS__COM|BUNDLE_GEMS__CONTRIBSYS__COM)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{8}:[a-f0-9]{8})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "bundle_enterprise__contribsys__com","bundle_gems__contribsys__com",
 ]
@@ -2760,7 +2665,6 @@ keywords = [
 id = "snyk-api-token"
 description = "Snyk API token"
 regex = '''(?i)(?:snyk_token|snyk_key|snyk_api_token|snyk_api_key|snyk_oauth_token)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "snyk_token","snyk_key","snyk_api_token","snyk_api_key","snyk_oauth_token",
 ]
@@ -2777,7 +2681,6 @@ keywords = [
 id = "squarespace-access-token"
 description = "Squarespace Access Token"
 regex = '''(?i)(?:squarespace)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "squarespace",
 ]
@@ -2794,7 +2697,6 @@ keywords = [
 id = "sumologic-access-id"
 description = "SumoLogic Access ID"
 regex = '''(?i:(?:sumo)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3})(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(su[a-zA-Z0-9]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 entropy = 3
 keywords = [
     "sumo",
@@ -2811,7 +2713,6 @@ regexes = [
 id = "sumologic-access-token"
 description = "SumoLogic Access Token"
 regex = '''(?i)(?:sumo)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 entropy = 3
 keywords = [
     "sumo",
@@ -2821,7 +2722,6 @@ keywords = [
 id = "telegram-bot-api-token"
 description = "Telegram Bot API Token"
 regex = '''(?i)(?:^|[^0-9])([0-9]{5,16}:A[a-zA-Z0-9_\-]{34})(?:$|[^a-zA-Z0-9_\-])'''
-secretGroup = 1
 keywords = [
     "telegram","api","bot","token","url",
 ]
@@ -2830,7 +2730,6 @@ keywords = [
 id = "travisci-access-token"
 description = "Travis CI Access Token"
 regex = '''(?i)(?:travis)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{22})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "travis",
 ]
@@ -2847,7 +2746,6 @@ keywords = [
 id = "twitch-api-token"
 description = "Twitch API token"
 regex = '''(?i)(?:twitch)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{30})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "twitch",
 ]
@@ -2856,7 +2754,6 @@ keywords = [
 id = "twitter-access-secret"
 description = "Twitter Access Secret"
 regex = '''(?i)(?:twitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{45})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "twitter",
 ]
@@ -2865,7 +2762,6 @@ keywords = [
 id = "twitter-access-token"
 description = "Twitter Access Token"
 regex = '''(?i)(?:twitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9]{15,25}-[a-zA-Z0-9]{20,40})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "twitter",
 ]
@@ -2874,7 +2770,6 @@ keywords = [
 id = "twitter-api-key"
 description = "Twitter API Key"
 regex = '''(?i)(?:twitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{25})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "twitter",
 ]
@@ -2883,7 +2778,6 @@ keywords = [
 id = "twitter-api-secret"
 description = "Twitter API Secret"
 regex = '''(?i)(?:twitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{50})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "twitter",
 ]
@@ -2892,7 +2786,6 @@ keywords = [
 id = "twitter-bearer-token"
 description = "Twitter Bearer Token"
 regex = '''(?i)(?:twitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(A{22}[a-zA-Z0-9%]{80,100})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "twitter",
 ]
@@ -2901,7 +2794,6 @@ keywords = [
 id = "typeform-api-token"
 description = "Typeform API token"
 regex = '''(?i)(?:typeform)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(tfp_[a-z0-9\-_\.=]{59})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "tfp_",
 ]
@@ -2926,7 +2818,6 @@ keywords = [
 id = "yandex-access-token"
 description = "Yandex Access Token"
 regex = '''(?i)(?:yandex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(t1\.[A-Z0-9a-z_-]+[=]{0,2}\.[A-Z0-9a-z_-]{86}[=]{0,2})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "yandex",
 ]
@@ -2935,7 +2826,6 @@ keywords = [
 id = "yandex-api-key"
 description = "Yandex API Key"
 regex = '''(?i)(?:yandex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(AQVN[A-Za-z0-9_\-]{35,38})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "yandex",
 ]
@@ -2944,7 +2834,6 @@ keywords = [
 id = "yandex-aws-access-token"
 description = "Yandex AWS Access Token"
 regex = '''(?i)(?:yandex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(YC[a-zA-Z0-9_\-]{38})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "yandex",
 ]
@@ -2953,7 +2842,6 @@ keywords = [
 id = "zendesk-secret-key"
 description = "Zendesk Secret Key"
 regex = '''(?i)(?:zendesk)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
-secretGroup = 1
 keywords = [
     "zendesk",
 ]

detect/detect.go

@@ -289,9 +289,18 @@ func (d *Detector) detectRule(fragment Fragment, rule config.Rule) []report.Find
 			continue
 		}
 
-		// extract secret from secret group if set
-		if rule.SecretGroup != 0 {
-			groups := rule.Regex.FindStringSubmatch(secret)
+		// by default if secret group is not set, we will check to see if there
+		// are any capture groups. If there are, we will use the first capture to start
+		groups := rule.Regex.FindStringSubmatch(secret)
+		if rule.SecretGroup == 0 {
+			// if len(groups) == 2 that means there is only one capture group
+			// the first element in groups is the full match, the second is the
+			// first capture group
+			if len(groups) == 2 {
+				secret = groups[1]
+				finding.Secret = secret
+			}
+		} else {
 			if len(groups) <= rule.SecretGroup || len(groups) == 0 {
 				// Config validation should prevent this
 				continue

testdata/config/allow_aws_re.toml

@@ -3,7 +3,7 @@ title = "simple config with allowlist for aws"
 [[rules]]
     description = "AWS Access Key"
     id = "aws-access-key"
-    regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
+    regex = '''(?:A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
     tags = ["key", "AWS"]
     [rules.allowlist]
         regexes = ['''AKIALALEMEL33243OLIA''']

testdata/config/allow_commit.toml

@@ -3,7 +3,7 @@ title = "simple config with allowlist for a specific commit"
 [[rules]]
     description = "AWS Access Key"
     id = "aws-access-key"
-    regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
+    regex = '''(?:A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
     tags = ["key", "AWS"]
     [rules.allowlist]
         commits = ['''allowthiscommit''']

testdata/config/allow_global_aws_re.toml

@@ -1,7 +1,7 @@
 [[rules]]
     description = "AWS Access Key"
     id = "aws-access-key"
-    regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
+    regex = '''(?:A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
     tags = ["key", "AWS"]
 
 [allowlist]

testdata/config/allow_path.toml

@@ -3,7 +3,7 @@ title = "simple config with allowlist for .go files"
 [[rules]]
     description = "AWS Access Key"
     id = "aws-access-key"
-    regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
+    regex = '''(?:A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
     tags = ["key", "AWS"]
     [rules.allowlist]
         paths = ['''.go''']

testdata/config/extend_1.toml

@@ -6,5 +6,5 @@ path="../testdata/config/extend_2.toml"
 [[rules]]
     description = "AWS Access Key"
     id = "aws-access-key"
-    regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
+    regex = '''(?:A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
     tags = ["key", "AWS"]

testdata/config/simple.toml

@@ -4,7 +4,7 @@ title = "gitleaks config"
 [[rules]]
     description = "AWS Access Key"
     id = "aws-access-key"
-    regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
+    regex = '''(?:A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
     tags = ["key", "AWS"]
 
 [[rules]]

testdata/expected/report/sarif_simple.sarif

@@ -13,7 +13,7 @@
        "id": "aws-access-key",
        "name": "AWS Access Key",
        "shortDescription": {
-        "text": "(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}"
+        "text": "(?:A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}"
        }
       },
       {