secret-patterns

Solid

30+ service-specific secret detection regex patterns, entropy-based detection, PEM/JWT/Base64 identification, and false positive filtering.

AI & Automation 501 stars 42 forks Updated yesterday MIT

Install

View on GitHub

Quality Score: 91/100

Stars 20%
90
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
100
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

# Secret Detection Patterns Patterns for finding leaked credentials in codebases, git history, and CI logs. ## AWS Credentials ```bash # Access Key ID: always starts with AKIA (long-term) or ASIA (session) AKIA[0-9A-Z]{16} ASIA[0-9A-Z]{16} # Secret Access Key: 40-char base64-ish string after aws_secret aws_secret_access_key\s*=\s*[A-Za-z0-9/+=]{40} # ripgrep one-liner rg --no-heading -n '(AKIA|ASIA)[0-9A-Z]{16}' . ``` ## GitHub Tokens ```bash # Personal access tokens (classic and fine-grained) ghp_[A-Za-z0-9]{36} github_pat_[A-Za-z0-9_]{82} # OAuth / app tokens gho_[A-Za-z0-9]{36} ghs_[A-Za-z0-9]{36} ghu_[A-Za-z0-9]{36} ghr_[A-Za-z0-9]{36} rg --no-heading -n 'gh[pousr]_[A-Za-z0-9]{36}' . ``` ## Stripe Keys ```bash # Live secret (never commit) sk_live_[A-Za-z0-9]{24,} # Test secret (flag but lower severity) sk_test_[A-Za-z0-9]{24,} # Publishable keys (public, lower severity) pk_live_[A-Za-z0-9]{24,} pk_test_[A-Za-z0-9]{24,} rg --no-heading -n 'sk_(live|test)_[A-Za-z0-9]{24,}' . ``` ## OpenAI / Anthropic Keys ```bash # OpenAI sk-proj-[A-Za-z0-9\-_]{50,} sk-[A-Za-z0-9]{48} # Anthropic sk-ant-[A-Za-z0-9\-_]{90,} rg --no-heading -n '(sk-proj-|sk-ant-)' . ``` ## JWT Tokens ```bash # Three base64url segments separated by dots eyJ[A-Za-z0-9\-_]+\.eyJ[A-Za-z0-9\-_]+\.[A-Za-z0-9\-_]+ # Decode header to verify (Python) import base64, json header = token.split('.')[0] + '==' print(json.loads(base64.urlsafe_b64decode(header))) ``` ## PEM Private Keys ```bash # RSA, ...

Details

Author
vibeeval
Repository
vibeeval/vibecosystem
Created
2 months ago
Last Updated
yesterday
Language
C#
License
MIT

Integrates with

OpenAI · AI Anthropic · AI

Similar Skills

Semantically similar based on skill content — not just same category

Code & Development Listed

secret-scanner

Detect accidentally committed secrets, credentials, and sensitive information in code.

353 Updated today
aiskillstore
AI & Automation Listed

secret-hygiene

This skill activates when detecting hardcoded strings that look like API keys or credentials, creating .env files, referencing process.env or os.environ without Infisical, or working with configuration files that contain sensitive values. It enforces secret hygiene practices and recommends moving secrets to Infisical.

3 Updated 2 weeks ago
smicolon
AI & Automation Listed

secrets-and-dorks

48-pattern secret regex catalog, 70 dork corpus across 9 categories, GitHub code-search dorks, and 9 read-only credential validators for authorized secret discovery and verification.

0 Updated 1 weeks ago
Ap6pack