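# gitleaks secret-scanning configuration (.gitleaks.toml) from
# github.com/giantswarm/apiextensions/v6 v6.6.0.
#
# Each [[rules]] entry is one detector: `regex` is the pattern searched for,
# `description` and `tags` label the resulting finding. The top-level
# [allowlist] at the end exempts whole files from scanning.
#
# Patterns are written as TOML literal strings ('''...'''), so backslashes
# reach the regex engine unchanged. Inside a character class write `\-` for a
# literal hyphen; `\\-_` is a backslash followed by the range `\`..`_` and
# does NOT match `-`.
title = "gitleaks config"

[[rules]]
description = "AWS Access Key"
regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
tags = ["key", "AWS"]

# Rule-scoped allowlist: suppresses only the placeholder key ID below, so
# every other match of the rule above is still reported.
[rules.allowlist]
regexes = ['''AKIAIOSFODNN7EXAMPLE.*''']
description = "ignore example aws key"

# Keyword-anchored rule: needs "aws" (any case) within 20 characters before a
# quoted 40-character value. A secret stored without that keyword nearby, or
# without quotes, is not matched by this rule.
[[rules]]
description = "AWS Secret Key"
regex = '''(?i)aws(.{0,20})?(?-i)['\"][0-9a-zA-Z\/+]{40}['\"]'''
tags = ["key", "AWS"]

[[rules]]
description = "AWS MWS key"
regex = '''amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'''
tags = ["key", "AWS", "MWS"]

[[rules]]
description = "Facebook Secret Key"
regex = '''(?i)(facebook|fb)(.{0,20})?(?-i)['\"][0-9a-f]{32}['\"]'''
tags = ["key", "Facebook"]

[[rules]]
description = "Facebook Client ID"
regex = '''(?i)(facebook|fb)(.{0,20})?['\"][0-9]{13,17}['\"]'''
tags = ["key", "Facebook"]

# The Twitter and LinkedIn rules require no quotes or delimiter around the
# value, so any long alphanumeric run shortly after the keyword matches.
# Expect false positives; triage them instead of disabling the rules.
[[rules]]
description = "Twitter Secret Key"
regex = '''(?i)twitter(.{0,20})?[0-9a-z]{35,44}'''
tags = ["key", "Twitter"]

[[rules]]
description = "Twitter Client ID"
regex = '''(?i)twitter(.{0,20})?[0-9a-z]{18,25}'''
tags = ["client", "Twitter"]

# Prefix-based GitHub token rules (ghp_/gho_/ghu_/ghs_/ghr_): the fixed prefix
# plus exact length makes these precise without any keyword context.
[[rules]]
description = "Github Personal Access Token"
regex = '''ghp_[0-9a-zA-Z]{36}'''
tags = ["key", "Github"]

[[rules]]
description = "Github OAuth Access Token"
regex = '''gho_[0-9a-zA-Z]{36}'''
tags = ["key", "Github"]

[[rules]]
description = "Github App Token"
regex = '''(ghu|ghs)_[0-9a-zA-Z]{36}'''
tags = ["key", "Github"]

[[rules]]
description = "Github Refresh Token"
regex = '''ghr_[0-9a-zA-Z]{76}'''
tags = ["key", "Github"]

[[rules]]
description = "LinkedIn Client ID"
regex = '''(?i)linkedin(.{0,20})?(?-i)[0-9a-z]{12}'''
tags = ["client", "LinkedIn"]

[[rules]]
description = "LinkedIn Secret Key"
regex = '''(?i)linkedin(.{0,20})?[0-9a-z]{16}'''
tags = ["secret", "LinkedIn"]

# The token body group is optional, so the bare prefix (e.g. "xoxb-") is
# enough to raise a finding.
[[rules]]
description = "Slack"
regex = '''xox[baprs]-([0-9a-zA-Z]{10,48})?'''
tags = ["key", "Slack"]

# Matches the PEM header line only; the finding marks where a private key
# starts, not the key material itself.
[[rules]]
description = "Asymmetric Private Key"
regex = '''-----BEGIN ((EC|PGP|DSA|RSA|OPENSSH) )?PRIVATE KEY( BLOCK)?-----'''
tags = ["key", "AsymmetricPrivateKey"]

# Fixed: the class previously read `\\-_`, which excludes `-`, so keys
# containing a hyphen were never reported.
[[rules]]
description = "Google API key"
regex = '''AIza[0-9A-Za-z\-_]{35}'''
tags = ["key", "Google"]

# Flags the JSON marker of a service-account credentials file rather than the
# key. The match is exact text: one space after the colon, double quotes.
[[rules]]
description = "Google (GCP) Service Account"
regex = '''"type": "service_account"'''
tags = ["key", "Google"]

[[rules]]
description = "Heroku API key"
regex = '''(?i)heroku(.{0,20})?[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'''
tags = ["key", "Heroku"]

[[rules]]
description = "MailChimp API key"
regex = '''(?i)(mailchimp|mc)(.{0,20})?[0-9a-f]{32}-us[0-9]{1,2}'''
tags = ["key", "Mailchimp"]

# The mailgun/mg keyword group is optional: "key-" plus 32 characters matches
# on its own.
[[rules]]
description = "Mailgun API key"
regex = '''((?i)(mailgun|mg)(.{0,20})?)?key-[0-9a-z]{32}'''
tags = ["key", "Mailgun"]

[[rules]]
description = "PayPal Braintree access token"
regex = '''access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}'''
tags = ["key", "Paypal"]

[[rules]]
description = "Picatic API key"
regex = '''sk_live_[0-9a-z]{32}'''
tags = ["key", "Picatic"]

[[rules]]
description = "SendGrid API Key"
regex = '''SG\.[\w_]{16,32}\.[\w_]{16,64}'''
tags = ["key", "SendGrid"]

[[rules]]
description = "Slack Webhook"
regex = '''https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8,12}/[a-zA-Z0-9_]{24}'''
tags = ["key", "slack"]

# Requires the word "stripe" within 20 characters before the key; a live key
# stored without that keyword nearby is not matched by this rule.
[[rules]]
description = "Stripe API key"
regex = '''(?i)stripe(.{0,20})?[sr]k_live_[0-9a-zA-Z]{24}'''
tags = ["key", "Stripe"]

[[rules]]
description = "Square access token"
regex = '''sq0atp-[0-9A-Za-z\-_]{22}'''
tags = ["key", "square"]

# Fixed: `\\-_` replaced with `\-_` so the class accepts `-`, in line with
# the "Square access token" rule above.
[[rules]]
description = "Square OAuth secret"
regex = '''sq0csp-[0-9A-Za-z\-_]{43}'''
tags = ["key", "square"]

[[rules]]
description = "Twilio API key"
regex = '''(?i)twilio(.{0,20})?SK[0-9a-f]{32}'''
tags = ["key", "twilio"]

[[rules]]
description = "Dynatrace ttoken"
regex = '''dt0[a-zA-Z]{1}[0-9]{2}\.[A-Z0-9]{24}\.[A-Z0-9]{64}'''
tags = ["key", "Dynatrace"]

[[rules]]
description = "Shopify shared secret"
regex = '''shpss_[a-fA-F0-9]{32}'''
tags = ["key", "Shopify"]

[[rules]]
description = "Shopify access token"
regex = '''shpat_[a-fA-F0-9]{32}'''
tags = ["key", "Shopify"]

[[rules]]
description = "Shopify custom app access token"
regex = '''shpca_[a-fA-F0-9]{32}'''
tags = ["key", "Shopify"]

[[rules]]
description = "Shopify private app access token"
regex = '''shppa_[a-fA-F0-9]{32}'''
tags = ["key", "Shopify"]

[[rules]]
description = "PyPI upload token"
regex = '''pypi-AgEIcHlwaS5vcmc[A-Za-z0-9-_]{50,1000}'''
tags = ["key", "pypi"]

# Global allowlist: a file matching any pattern below is skipped entirely, so
# every entry is a scanning blind spot. Keep the patterns as narrow as
# possible and review additions like any other security-relevant change.
[allowlist]
description = "Allowlisted files"
files = [
    # This configuration file itself; its patterns would otherwise trip the
    # rules above.
    '''^\.?gitleaks\.toml$''',
    # Binary and document formats. The `\.` ties the match to a real file
    # extension; without it any name merely ending in "bin", "zip", "doc",
    # etc. (for example a file called `bin`) was skipped as well.
    '''(.*?)\.(png|jpg|gif|doc|docx|pdf|bin|xls|pyc|zip)$''',
    # Go module metadata.
    '''(go\.mod|go\.sum)$''',
    # Whole-file exemptions: nothing inside these two manifests is scanned.
    # NOTE(review): these are repository paths listed under `files`; confirm
    # that the gitleaks version in use matches `files` against the full path
    # and not only the base name, otherwise they never take effect and belong
    # under `paths`.
    '''helm/crds-aws/templates/upstream.yaml''',
    '''config/crd/v1/infrastructure.cluster.x-k8s.io_awsclusterstaticidentities.yaml''',
]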