This repository has been archived by the owner on Oct 1, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 1
/
secrets.yaml
118 lines (117 loc) · 4.08 KB
/
secrets.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
# Copyright © 2023 Atomist, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# List of secrets, with regex and description
secrets:
# Table III of https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_04B-3_Meli_paper.pdf
- secret:
pattern: '\b[1-9][0-9]+-[0-9a-zA-Z]{40}\b'
description: Twitter access token
ignore:
- package-lock.json
- yarn.lock
- pnpm-lock.yaml
- secret:
pattern: '\bEAACEdEose0cBA[0-9A-Za-z]+'
description: Facebook access token
- secret:
pattern: '\bAIza[0-9A-Za-z\-_]{35}\b'
description: Google API key
- secret:
pattern: '\b[0-9]+-[0-9A-Za-z_]{32}\.apps\.googleusercontent\.com\b'
description: Google OAuth ID
- secret:
pattern: '\bsk_live_[0-9a-z]{32}\b'
description: Picatic API Key
- secret:
pattern: '\bsk_live_[0-9a-zA-Z]{24}\b'
description: Stripe standard API key
- secret:
pattern: '\brk_live_[0-9a-zA-Z]{24}\b'
description: Stripe restricted API key
- secret:
pattern: '\bsq0atp-[0-9A-Za-z\-_]{22}\b'
description: Square access token
- secret:
pattern: '\bsq0csp-[0-9A-Za-z\-_]{43}\b'
description: Square OAuth Secret
- secret:
pattern: '\baccess_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}\b'
description: PayPal Braintree access token
- secret:
pattern: '\bamzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\b'
description: Amazon MWS auth token
- secret:
pattern: '\bSK[0-9a-fA-F]{32}\b'
description: Twilio API key
- secret:
pattern: '\bkey-[0-9a-zA-Z]{32}\b'
description: MailGun API key
- secret:
pattern: '\b[0-9a-f]{32}-us[0-9]{1,2}\b'
description: MailChimp API key
- secret:
pattern: '\bAKIA[0-9A-Z]{16}\b'
description: AWS access key ID
# Atomist contributed
- secret:
pattern: '(?<!v1\.)\b[A-Fa-f0-9]{40}\b'
description: GitHub personal access or OAuth2 token
# avoid files commonly containing git commit SHAs
ignore:
- CHANGELOG.md
- package-lock.json
- yarn.lock
- pnpm-lock.yaml
verify: github_token
- secret:
pattern: "gh[pousr]_[A-Za-z0-9_]{36}"
description: GitHub personal access or OAuth2 token
# avoid files commonly containing git commit SHAs
ignore:
- CHANGELOG.md
- package-lock.json
- yarn.lock
- pnpm-lock.yaml
verify: github_token
- secret:
pattern: '\bv1\.[a-f0-9]{40}\b'
description: GitHub App access token
verify: github_app
- secret:
pattern: '\b(?:ht|f|sm)tps?://[^:/?#\[\]@"<>{}|\\^`\s]*:[^:/?#\[\]@"<>{}|\\^`\s]+@'
description: URL with password
# https://github.com/odomojuli/RegExAPI
- secret:
pattern: '\b[0-9a-fA-F]{7}\.[0-9a-fA-F]{32}\b'
description: Instagram OAuth2 token
- secret:
pattern: '\bR_[0-9a-f]{32}\b'
description: Foursquare secret key
- secret:
pattern: '\bxox[baprs]-[0-9]{12}-[0-9]{12}-[0-9a-zA-Z]{24}\b'
description: Slack API key
- secret:
pattern: '\b[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}\b'
description: GCP OAuth2 token
- secret:
pattern: '\b[A-Za-z0-9_]{21}--[A-Za-z0-9_]{8}\b'
description: GCP API key
- secret:
pattern: '\b[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}\b'
description: Heroku OAuth2 token
# Detect private keys in PEM format in any file; not just *.pem files
- secret:
pattern: '-----BEGIN (?:RSA )?PRIVATE KEY-----[\s\S]*?-----END (?:RSA )?PRIVATE KEY-----'
description: PEM Private Key
flags: gm