gitleaks/config/gitleaks.toml

# This is the default gitleaks configuration file.
# Rules and allowlists are defined within this file.
# Rules instruct gitleaks on what should be considered a secret.
# Allowlists instruct gitleaks on what is allowed, i.e. not a secret.
title = "gitleaks config"

[allowlist]
description = "global allow lists"
regexes = [
    '''219-09-9999''',
    '''078-05-1120''',
    '''(9[0-9]{2}|666)-\d{2}-\d{4}''',
    ]
paths = [
    '''gitleaks.toml''',
    '''(.*?)(jpg|gif|doc|pdf|bin|svg|socket)$''',
    '''(go.mod|go.sum)$'''
]
stopwords = [
    '''client''',
    '''endpoint''',
    '''vpn''',
    '''_ec2_''',
    '''aws_''',
]

[[rules]]
description = "Adobe Client ID (Oauth Web)"
id = "adobe-client-id"
regex = '''(?i)(?:adobe)(?:[0-9a-z\-_\s.]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60]|$)'''
secretGroup = 1
keywords = [
    "adobe",
]

[[rules]]
description = "Adobe Client Secret"
id = "adobe-client-secret"
regex = '''(?i)\b((p8e-)(?i)[a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60]|$)'''
keywords = [
    "p8e-",
]

[[rules]]
description = "Age secret key"
id = "age secret key"
regex = '''AGE-SECRET-KEY-1[QPZRY9X8GF2TVDW0S3JN54KHCE6MUA7L]{58}'''
keywords = [
    "age-secret-key-1",
]

[[rules]]
description = "Alibaba AccessKey ID"
id = "alibaba-access-key-id"
regex = '''(?i)\b((LTAI)(?i)[a-z0-9]{20})(?:['|\"|\n|\r|\s|\x60]|$)'''
keywords = [
    "ltai",
]

[[rules]]
description = "Alibaba Secret Key"
id = "alibaba-secret-key"
regex = '''(?i)(?:alibaba)(?:[0-9a-z\-_\s.]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{30})(?:['|\"|\n|\r|\s|\x60]|$)'''
secretGroup = 1
keywords = [
    "alibaba",
]

[[rules]]
description = "Asana Client ID"
id = "asana-client-id"
regex = '''(?i)(?:asana)(?:[0-9a-z\-_\s.]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([0-9]{16})(?:['|\"|\n|\r|\s|\x60]|$)'''
secretGroup = 1
keywords = [
    "asana",
]

[[rules]]
description = "Asana Client Secret"
id = "asana-client-secret"
regex = '''(?i)(?:asana)(?:[0-9a-z\-_\s.]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60]|$)'''
keywords = [
    "asana",
]

[[rules]]
description = "Atlassian API token"
id = "atlassian-api-token"
regex = '''(?i)(?:atlassian|confluence)(?:[0-9a-z\-_\s.]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{24})(?:['|\"|\n|\r|\s|\x60]|$)'''
secretGroup = 1
keywords = [
    "atlassian","confluence",
]

[[rules]]
description = "AWS"
id = "aws-access-token"
regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
keywords = [
    "akia","agpa","aida","aroa","aipa","anpa","anva","asia",
]

[[rules]]
description = "BitBucket Client ID"
id = "bitbucket-client-id"
regex = '''(?i)(?:bitbucket)(?:[0-9a-z\-_\s.]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60]|$)'''
secretGroup = 1
keywords = [
    "bitbucket",
]

[[rules]]
description = "BitBucket Client Secret"
id = "bitbucket-client-secret"
regex = '''(?i)(?:bitbucket)(?:[0-9a-z\-_\s.]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{64})(?:['|\"|\n|\r|\s|\x60]|$)'''
secretGroup = 1
keywords = [
    "bitbucket",
]

[[rules]]
description = "Beamer API token"
id = "beamer-api-token"
regex = '''(?i)(?:beamer)(?:[0-9a-z\-_\s.]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}(b_[a-z0-9=_\-]{44})(?:['|\"|\n|\r|\s|\x60]|$)'''
secretGroup = 1
keywords = [
    "beamer",
]

[[rules]]
description = "Clojars API token"
id = "clojars-api-token"
regex = '''(?i)(CLOJARS_)[a-z0-9]{60}'''
keywords = [
    "clojars",
]

[[rules]]
description = "Contentful delivery API token"
id = "contentful-delivery-api-token"
regex = '''(?i)(?:contentful)(?:[0-9a-z\-_\s.]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{43})(?:['|\"|\n|\r|\s|\x60]|$)'''
secretGroup = 1
keywords = [
    "contentful",
]

[[rules]]
description = "Databricks API token"
id = "databricks-api-token"
regex = '''(?i)\b(dapi[a-h0-9]{32})(?:['|\"|\n|\r|\s|\x60]|$)'''
keywords = [
    "dapi",
]

[[rules]]
description = "Discord API key"
id = "discord-api-token"
regex = '''(?i)(?:discord)(?:[0-9a-z\-_\s.]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60]|$)'''
secretGroup = 1
keywords = [
    "discord",
]

[[rules]]
description = "Discord client ID"
id = "discord-client-id"
regex = '''(?i)(?:discord)(?:[0-9a-z\-_\s.]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([0-9]{18})(?:['|\"|\n|\r|\s|\x60]|$)'''
secretGroup = 1
keywords = [
    "discord",
]

[[rules]]
description = "Discord client secret"
id = "discord-client-secret"
regex = '''(?i)(?:discord)(?:[0-9a-z\-_\s.]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{32})(?:['|\"|\n|\r|\s|\x60]|$)'''
secretGroup = 1
keywords = [
    "discord",
]

[[rules]]
description = "Dropbox API secret"
id = "doppler-api-token"
regex = '''(?i)(?:dropbox)(?:[0-9a-z\-_\s.]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{15})(?:['|\"|\n|\r|\s|\x60]|$)'''
secretGroup = 1
keywords = [
    "dropbox",
]

[[rules]]
description = "Dropbox long lived API token"
id = "dropbox-long-lived-api-token"
regex = '''(?i)(?:dropbox)(?:[0-9a-z\-_\s.]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{11}(AAAAAAAAAA)[a-z0-9\-_=]{43})(?:['|\"|\n|\r|\s|\x60]|$)'''
keywords = [
    "dropbox",
]

[[rules]]
description = "Dropbox short lived API token"
id = "dropbox-short-lived-api-token"
regex = '''(?i)(?:dropbox)(?:[0-9a-z\-_\s.]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}(sl\.[a-z0-9\-=_]{135})(?:['|\"|\n|\r|\s|\x60]|$)'''
keywords = [
    "dropbox",
]

[[rules]]
description = "Doppler API token"
id = "doppler-api-token"
regex = '''(dp\.pt\.)(?i)[a-z0-9]{43}'''
keywords = [
    "doppler",
]

[[rules]]
description = "Duffel API token"
id = "duffel-api-token"
regex = '''duffel_(test|live)_(?i)[a-z0-9_\-=]{43}'''
keywords = [
    "duffel",
]

[[rules]]
description = "Dynatrace API token"
id = "dynatrace-api-token"
regex = '''dt0c01\.(?i)[a-z0-9]{24}\.[a-z0-9]{64}'''
keywords = [
    "dynatrace",
]

[[rules]]
description = "EasyPost API token"
id = "easypost-api-token"
regex = '''EZAK(?i)[a-z0-9]{54}'''
keywords = [
    "ezak",
]

[[rules]]
description = "EasyPost test API token"
id = "easypost-test-api-token"
regex = '''EZTK(?i)[a-z0-9]{54}'''
keywords = [
    "eztk",
]

[[rules]]
description = "facebook"
id = "facebook"
regex = '''(?i)(?:facebook)(?:[0-9a-z\-_\s.]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60]|$)'''
secretGroup = 1
keywords = [
    "facebook",
]

[[rules]]
description = "Fastly API key"
id = "fastly-api-token"
regex = '''(?i)(?:fastly)(?:[0-9a-z\-_\s.]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{32})(?:['|\"|\n|\r|\s|\x60]|$)'''
secretGroup = 1
keywords = [
    "fastly",
]

[[rules]]
description = "Finicity Client Secret"
id = "finicity-client-secret"
regex = '''(?i)(?:finicity)(?:[0-9a-z\-_\s.]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{20})(?:['|\"|\n|\r|\s|\x60]|$)'''
secretGroup = 1
keywords = [
    "finicity",
]

[[rules]]
description = "Finicity API token"
id = "finicity-api-token"
regex = '''(?i)(?:finicity)(?:[0-9a-z\-_\s.]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60]|$)'''
secretGroup = 1
keywords = [
    "finicity",
]

[[rules]]
description = "Finicity Public Key"
id = "flutterwave-public-key"
regex = '''FLWPUBK_TEST-(?i)[a-h0-9]{32}-X'''
keywords = [
    "flwpubk_test",
]

[[rules]]
description = "Finicity Secret Key"
id = "flutterwave-public-key"
regex = '''FLWSECK_TEST-(?i)[a-h0-9]{32}-X'''
keywords = [
    "flwseck_test",
]

[[rules]]
description = "Finicity Secret Key"
id = "flutterwave-public-key"
regex = '''FLWSECK_TEST-(?i)[a-h0-9]{32}-X'''
keywords = [
    "flwseck_test",
]

[[rules]]
description = "Frame.io API token"
id = "frameio-api-token"
regex = '''fio-u-(?i)[a-z0-9\-_=]{64}'''
keywords = [
    "fio-u-",
]

[[rules]]
description = "Generic API Key"
id = "generic-api-key"
regex = '''(?i)(?:key|api[^Version]|token|pat|secret|client|password|auth)(?:[0-9a-z\-_\s.]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([0-9a-z\-_.=]{10,150})(?:['|\"|\n|\r|\s|\x60]|$)'''
secretGroup = 1
entropy = 3.7
keywords = [
    "key","api","token","secret","client","pat","password","auth",
]

[[rules]]
description = "GoCardless API token"
id = "gocardless-api-token"
regex = '''(?i)(?:gocardless)(?:[0-9a-z\-_\s.]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}(live_(?i)[a-z0-9\-_=]{40})(?:['|\"|\n|\r|\s|\x60]|$)'''
keywords = [
    "live_","gocardless",
]

[[rules]]
description = "GitHub Personal Access Token"
id = "github-pat"
regex = '''ghp_[0-9a-zA-Z]{36}'''
keywords = [
    "ghp_",
]

[[rules]]
description = "GitHub OAuth Access Token"
id = "github-oauth"
regex = '''gho_[0-9a-zA-Z]{36}'''
keywords = [
    "gho_",
]

[[rules]]
description = "GitHub App Token"
id = "github-app-token"
regex = '''(ghu|ghs)_[0-9a-zA-Z]{36}'''
keywords = [
    "ghu_","ghs_",
]

[[rules]]
description = "GitHub Refresh Token"
id = "github-refresh-token"
regex = '''ghr_[0-9a-zA-Z]{36}'''
keywords = [
    "ghr_",
]

[[rules]]
description = "Gitlab Personal Access Token"
id = "gitlab-pat"
regex = '''glpat-[0-9a-zA-Z\-\_]{20}'''
keywords = [
    "glpat-",
]

[[rules]]
description = "HashiCorp Terraform user/org API token"
id = "hashicorp-tf-api-token"
regex = '''(?i)[a-z0-9]{14}\.atlasv1\.[a-z0-9\-_=]{60,70}'''
keywords = [
    "atlasv1",
]

[[rules]]
description = "Heroku API Key"
id = "heroku-api-key"
regex = '''(?i)(?:heroku)(?:[0-9a-z\-_\s.]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12})(?:['|\"|\n|\r|\s|\x60]|$)'''
secretGroup = 1
keywords = [
    "heroku",
]

[[rules]]
description = "HubSpot API Token"
id = "hubspot-api-key"
regex = '''(?i)(?:hubspot)(?:[0-9a-z\-_\s.]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12})(?:['|\"|\n|\r|\s|\x60]|$)'''
secretGroup = 1
keywords = [
    "hubspot",
]

[[rules]]
description = "Intercom API Token"
id = "intercom-api-key"
regex = '''(?i)(?:intercom)(?:[0-9a-z\-_\s.]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{60})(?:['|\"|\n|\r|\s|\x60]|$)'''
secretGroup = 1
keywords = [
    "intercom",
]

[[rules]]
description = "Linear API Token"
id = "linear-api-key"
regex = '''lin_api_(?i)[a-z0-9]{40}'''
keywords = [
    "lin_api_",
]

[[rules]]
description = "Linear Client Secret"
id = "linear-client-secret"
regex = '''(?i)(?:linear)(?:[0-9a-z\-_\s.]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60]|$)'''
keywords = [
    "linear",
]

[[rules]]
description = "LinkedIn Client ID"
id = "linkedin-client-id"
regex = '''(?i)(?:linkedin|linked-in)(?:[0-9a-z\-_\s.]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{14})(?:['|\"|\n|\r|\s|\x60]|$)'''
secretGroup = 1
keywords = [
    "linkedin","linked-in",
]

[[rules]]
description = "LinkedIn Client secret"
id = "linkedin-client-secret"
regex = '''(?i)(?:linkedin|linked-in)(?:[0-9a-z\-_\s.]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{16})(?:['|\"|\n|\r|\s|\x60]|$)'''
secretGroup = 1
keywords = [
    "linkedin","linked-in",
]

[[rules]]
description = "Lob API Key"
id = "lob-api-key"
regex = '''(?i)(?:lob)(?:[0-9a-z\-_\s.]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}((live|test)_[a-f0-9]{35})(?:['|\"|\n|\r|\s|\x60]|$)'''
keywords = [
    "test_","live_",
]

[[rules]]
description = "Lob Publishable API Key"
id = "lob-pub-api-key"
regex = '''(?i)(?:lob)(?:[0-9a-z\-_\s.]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}((test|live)_pub_[a-f0-9]{31})(?:['|\"|\n|\r|\s|\x60]|$)'''
keywords = [
    "test_pub","live_pub","_pub",
]

[[rules]]
description = "Mailchimp API key"
id = "mailchimp-api-key"
regex = '''(?i)(?:mailchimp)(?:[0-9a-z\-_\s.]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32}-us20)(?:['|\"|\n|\r|\s|\x60]|$)'''
secretGroup = 1
keywords = [
    "mailchimp",
]

[[rules]]
description = "Mailgun public validation key"
id = "mailgun-pub-key"
regex = '''(?i)(?:mailgun)(?:[0-9a-z\-_\s.]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}(pubkey-[a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60]|$)'''
secretGroup = 1
keywords = [
    "mailgun",
]

[[rules]]
description = "Mailgun private API token"
id = "mailgun-private-api-token"
regex = '''(?i)(?:mailgun)(?:[0-9a-z\-_\s.]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}(key-[a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60]|$)'''
secretGroup = 1
keywords = [
    "mailgun",
]

[[rules]]
description = "Mailgun webhook signing key"
id = "mailgun-signing-key"
regex = '''(?i)(?:mailgun)(?:[0-9a-z\-_\s.]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-h0-9]{32}-[a-h0-9]{8}-[a-h0-9]{8})(?:['|\"|\n|\r|\s|\x60]|$)'''
secretGroup = 1
keywords = [
    "mailgun",
]

[[rules]]
description = "MapBox API token"
id = "mapbox-api-token"
regex = '''(?i)(?:mapbox)(?:[0-9a-z\-_\s.]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}(pk\.[a-z0-9]{60}\.[a-z0-9]{22})(?:['|\"|\n|\r|\s|\x60]|$)'''
secretGroup = 1
keywords = [
    "mapbox",
]

[[rules]]
description = "MessageBird API token"
id = "messagebird-api-token"
regex = '''(?i)(?:messagebird|message-bird|message_bird)(?:[0-9a-z\-_\s.]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{25})(?:['|\"|\n|\r|\s|\x60]|$)'''
secretGroup = 1
keywords = [
    "messagebird","message-bird","message_bird",
]

[[rules]]
description = "MessageBird client ID"
id = "messagebird-client-id"
regex = '''(?i)(?:messagebird|message-bird|message_bird)(?:[0-9a-z\-_\s.]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-h0-9]{8}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{12})(?:['|\"|\n|\r|\s|\x60]|$)'''
secretGroup = 1
keywords = [
    "messagebird","message-bird","message_bird",
]

[[rules]]
description = "New Relic user API Key"
id = "new-relic-user-api-key"
regex = '''(?i)(?:new-relic|newrelic|new_relic)(?:[0-9a-z\-_\s.]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}(NRAK-[a-z0-9]{27})(?:['|\"|\n|\r|\s|\x60]|$)'''
secretGroup = 1
keywords = [
    "nrak",
]

[[rules]]
description = "New Relic user API ID"
id = "new-relic-user-api-id"
regex = '''(?i)(?:new-relic|newrelic|new_relic)(?:[0-9a-z\-_\s.]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60]|$)'''
secretGroup = 1
keywords = [
    "new-relic","newrelic","new_relic",
]

[[rules]]
description = "New Relic ingest browser API token"
id = "new-relic-browser-api-token"
regex = '''(?i)(?:new-relic|newrelic|new_relic)(?:[0-9a-z\-_\s.]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}(NRJS-[a-f0-9]{19})(?:['|\"|\n|\r|\s|\x60]|$)'''
secretGroup = 1
keywords = [
    "nrjs-",
]

[[rules]]
description = "npm access token"
id = "npm-access-token"
regex = '''(?i)\b(npm_[a-z0-9]{36})(?:['|\"|\n|\r|\s|\x60]|$)'''
secretGroup = 1
keywords = [
    "npm_",
]

[[rules]]
description = "PlanetScale password"
id = "planetscale-password"
regex = '''(?i)\b(pscale_pw_(?i)[a-z0-9=\-_\.]{43})(?:['|\"|\n|\r|\s|\x60]|$)'''
secretGroup = 1
keywords = [
    "pscale_pw_",
]

[[rules]]
description = "PlanetScale API token"
id = "planetscale-api-token"
regex = '''(?i)\b(pscale_tkn_(?i)[a-z0-9=\-_\.]{43})(?:['|\"|\n|\r|\s|\x60]|$)'''
secretGroup = 1
keywords = [
    "pscale_tkn_",
]

[[rules]]
description = "Postman API token"
id = "postman-api-token"
regex = '''(?i)\b(PMAK-(?i)[a-f0-9]{24}\-[a-f0-9]{34})(?:['|\"|\n|\r|\s|\x60]|$)'''
secretGroup = 1
keywords = [
    "pmak-",
]

[[rules]]
description = "Private Key"
id = "private-key"
regex = '''(?i)-----BEGIN[ A-Z0-9_-]{0,100}PRIVATE KEY-----[\s\S-]*KEY----'''
keywords = [
    "-----begin private",
]

[[rules]]
description = "Pulumi API token"
id = "pulumi-api-token"
regex = '''(?i)\b(pul-[a-f0-9]{40})(?:['|\"|\n|\r|\s|\x60]|$)'''
secretGroup = 1
keywords = [
    "pul-",
]

[[rules]]
description = "PyPI upload token"
id = "pypi-upload-token"
regex = '''pypi-AgEIcHlwaS5vcmc[A-Za-z0-9\-_]{50,1000}'''
keywords = [
    "pypi-ageichlwas5vcmc",
]

[[rules]]
description = "Rubygem API token"
id = "rubygems-api-token"
regex = '''(?i)\b(rubygems_[a-f0-9]{48})(?:['|\"|\n|\r|\s|\x60]|$)'''
secretGroup = 1
keywords = [
    "rubygems_",
]

[[rules]]
description = "SendGrid API token"
id = "sendgrid-api-token"
regex = '''(?i)\b(SG\.(?i)[a-z0-9=_\-\.]{66})(?:['|\"|\n|\r|\s|\x60]|$)'''
secretGroup = 1
keywords = [
    "sg.",
]

[[rules]]
description = "Sendinblue API token"
id = "sendinblue-api-token"
regex = '''(?i)\b(xkeysib-[a-f0-9]{64}\-(?i)[a-z0-9]{16})(?:['|\"|\n|\r|\s|\x60]|$)'''
secretGroup = 1
keywords = [
    "xkeysib-",
]

[[rules]]
description = "Shippo API token"
id = "shippo-api-token"
regex = '''(?i)\b(shippo_(live|test)_[a-f0-9]{40})(?:['|\"|\n|\r|\s|\x60]|$)'''
secretGroup = 1
keywords = [
    "shippo_",
]

[[rules]]
description = "Shopify access token"
id = "shopify-access-token"
regex = '''shpat_[a-fA-F0-9]{32}'''
keywords = [
    "shpat_",
]

[[rules]]
description = "Shopify custom access token"
id = "shopify-custom-access-token"
regex = '''shpca_[a-fA-F0-9]{32}'''
keywords = [
    "shpca_",
]

[[rules]]
description = "Shopify private app access token"
id = "shopify-private-app-access-token"
regex = '''shppa_[a-fA-F0-9]{32}'''
keywords = [
    "shppa_",
]

[[rules]]
description = "Shopify shared secret"
id = "shopify-shared-secret"
regex = '''shpss_[a-fA-F0-9]{32}'''
keywords = [
    "shpss_",
]

[[rules]]
description = "Slack token"
id = "slack-access-token"
regex = '''xox[baprs]-([0-9a-zA-Z]{10,48})'''
keywords = [
    "xoxb","xoxa","xoxp","xoxr","xoxs",
]

[[rules]]
description = "Slack Webhook"
id = "slack-web-hook"
regex = '''https:\/\/hooks.slack.com\/services\/[A-Za-z0-9+\/]{44,46}'''
keywords = [
    "hooks.slack.com",
]

[[rules]]
description = "Stripe"
id = "stripe-access-token"
regex = '''(?i)(sk|pk)_(test|live)_[0-9a-z]{10,32}'''
keywords = [
    "sk_test","pk_test","sk_live","pk_live",
]

[[rules]]
description = "Twilio API Key"
id = "twilio-api-key"
regex = '''SK[0-9a-fA-F]{32}'''
keywords = [
    "twilio",
]

[[rules]]
description = "Twitch API token"
id = "twitch-api-token"
regex = '''(?i)(?:twitch)(?:[0-9a-z\-_\s.]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{30})(?:['|\"|\n|\r|\s|\x60]|$)'''
secretGroup = 1
keywords = [
    "twitch",
]

[[rules]]
description = "twitter"
id = "twitter"
regex = '''(?i)(?:twitter)(?:[0-9a-z\-_\s.]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{35,44})(?:['|\"|\n|\r|\s|\x60]|$)'''
secretGroup = 1
keywords = [
    "twitter",
]

[[rules]]
description = "Typeform API token"
id = "typeform-api-token"
regex = '''(?i)(?:typeform)(?:[0-9a-z\-_\s.]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}(tfp_[a-z0-9\-_\.=]{59})(?:['|\"|\n|\r|\s|\x60]|$)'''
secretGroup = 1
keywords = [
    "tfp_",
]