gitlab-secret_detection 0.1.0 → 0.3.0

data/lib/gitlab/secret_detection/core/gitleaks.toml

@@ -0,0 +1,1084 @@
+# This file contains a subset of rules pulled from the original source file.
+# Original Source: https://gitlab.com/gitlab-org/security-products/analyzers/secrets/-/blob/master/gitleaks.toml
+# Reference: https://gitlab.com/gitlab-org/gitlab/-/issues/427011
+title = "gitleaks config"
+
+[[rules]]
+id = "gitlab_personal_access_token"
+description = "GitLab Personal Access Token"
+regex = '''\bglpat-[0-9a-zA-Z_\-]{20}\b'''
+tags = ["gitlab", "revocation_type", "gitlab_blocking"]
+keywords = [
+    "glpat",
+]
+
+[[rules]]
+id = "gitlab_pipeline_trigger_token"
+description = "GitLab Pipeline Trigger Token"
+regex = '''\bglptt-[0-9a-zA-Z_\-]{40}\b'''
+tags = ["gitlab", "gitlab_blocking"]
+keywords = [
+    "glptt",
+]
+
+[[rules]]
+id = "gitlab_runner_registration_token"
+description = "GitLab Runner Registration Token"
+regex = '''\bGR1348941[0-9a-zA-Z_\-]{20}\b'''
+tags = ["gitlab", "gitlab_blocking"]
+keywords = [
+    "GR1348941",
+]
+
+[[rules]]
+id = "gitlab_runner_auth_token"
+description = "GitLab Runner Authentication Token"
+regex = '''\bglrt-[0-9a-zA-Z_\-]{20}\b'''
+tags = ["gitlab", "gitlab_blocking"]
+keywords = [
+    "glrt",
+]
+
+[[rules]]
+id = "gitlab_feed_token"
+description = "GitLab Feed Token"
+regex = '''\bfeed_token=[0-9a-zA-Z_\-]{20}\b'''
+tags = ["gitlab"]
+keywords = [
+    "feed_token",
+]
+
+[[rules]]
+id = "gitlab_oauth_app_secret"
+description = "GitLab OAuth Application Secrets"
+regex = '''\bgloas-[0-9a-zA-Z_\-]{64}\b'''
+tags = ["gitlab", "gitlab_blocking"]
+keywords = [
+    "gloas",
+]
+
+[[rules]]
+id = "gitlab_feed_token_v2"
+description = "GitLab Feed token"
+regex = '''\bglft-[0-9a-zA-Z_\-]{20}\b'''
+tags = ["gitlab", "gitlab_blocking"]
+keywords = [
+    "glft",
+]
+
+[[rules]]
+id = "gitlab_kubernetes_agent_token"
+description = "GitLab Agent for Kubernetes token"
+regex = '''\bglagent-[0-9a-zA-Z_\-]{50}\b'''
+tags = ["gitlab", "gitlab_blocking"]
+keywords = [
+    "glagent",
+]
+
+[[rules]]
+id = "gitlab_incoming_email_token"
+description = "GitLab Incoming email token"
+regex = '''\bglimt-[0-9a-zA-Z_\-]{25}\b'''
+tags = ["gitlab", "gitlab_blocking"]
+keywords = [
+    "glimt",
+]
+
+[[rules]]
+id = "gitlab_deploy_token"
+description = "GitLab Deploy Token"
+regex = '''\bgldt-[0-9a-zA-Z_\-]{20}\b'''
+tags = ["gitlab"]
+keywords = [
+    "gldt",
+]
+
+[[rules]]
+id = "gitlab_scim_oauth_token"
+description = "GitLab SCIM token"
+regex = '''\bglsoat-[0-9a-zA-Z_\-]{20}\b'''
+tags = ["gitlab"]
+keywords = [
+    "glsoat",
+]
+
+[[rules]]
+id = "gitlab_ci_build_token"
+description = "GitLab CI Build (Job) token"
+regex = '''\bglcbt-[0-9a-zA-Z]{1,5}_[0-9a-zA-Z_-]{20}\b'''
+tags = ["gitlab"]
+keywords = [
+    "glcbt",
+]
+
+[[rules]]
+id = "AWS"
+description = "AWS Access Token"
+regex = '''\bAKIA[0-9A-Z]{16}\b'''
+tags = ["aws", "revocation_type", "gitlab_blocking"]
+keywords = [
+    "AKIA",
+]
+
+# Cryptographic keys
+[[rules]]
+id = "PKCS8 private key"
+description = "PKCS8 private key"
+regex = '''-----BEGIN PRIVATE KEY-----'''
+keywords = [
+    "-----BEGIN PRIVATE KEY-----",
+]
+
+[[rules]]
+id = "RSA private key"
+description = "RSA private key"
+regex = '''-----BEGIN RSA PRIVATE KEY-----'''
+keywords = [
+    "-----BEGIN RSA PRIVATE KEY-----",
+]
+
+[[rules]]
+id = "SSH private key"
+description = "SSH private key"
+regex = '''-----BEGIN OPENSSH PRIVATE KEY-----'''
+keywords = [
+    "-----BEGIN OPENSSH PRIVATE KEY-----",
+]
+
+[[rules]]
+id = "PGP private key"
+description = "PGP private key"
+regex = '''-----BEGIN PGP PRIVATE KEY BLOCK-----'''
+keywords = [
+    "-----BEGIN PGP PRIVATE KEY BLOCK-----",
+]
+
+[[rules]]
+description = "systemd machine-id"
+id = "systemd-machine-id"
+path = '''^machine-id$'''
+regex = '''^[0-9a-f]{32}\n$'''
+entropy = 3.5
+
+[[rules]]
+id = "Github Personal Access Token"
+description = "Github Personal Access Token"
+regex = '''ghp_[0-9a-zA-Z]{36}'''
+tags = ["gitlab_blocking"]
+keywords = [
+    "ghp_",
+]
+
+[[rules]]
+id = "Github OAuth Access Token"
+description = "Github OAuth Access Token"
+regex = '''gho_[0-9a-zA-Z]{36}'''
+tags = ["gitlab_blocking"]
+keywords = [
+    "gho_",
+]
+
+[[rules]]
+id = "SSH (DSA) private key"
+description = "SSH (DSA) private key"
+regex = '''-----BEGIN DSA PRIVATE KEY-----'''
+keywords = [
+    "-----BEGIN DSA PRIVATE KEY-----",
+]
+
+[[rules]]
+id = "SSH (EC) private key"
+description = "SSH (EC) private key"
+regex = '''-----BEGIN EC PRIVATE KEY-----'''
+keywords = [
+    "-----BEGIN EC PRIVATE KEY-----",
+]
+
+
+[[rules]]
+id = "Github App Token"
+description = "Github App Token"
+regex = '''(ghu|ghs)_[0-9a-zA-Z]{36}'''
+tags = ["gitlab_blocking"]
+keywords = [
+    "ghu_",
+    "ghs_"
+]
+
+[[rules]]
+id = "Github Refresh Token"
+description = "Github Refresh Token"
+regex = '''ghr_[0-9a-zA-Z]{76}'''
+tags = ["gitlab_blocking"]
+keywords = [
+    "ghr_"
+]
+
+[[rules]]
+id = "Shopify shared secret"
+description = "Shopify shared secret"
+regex = '''shpss_[a-fA-F0-9]{32}'''
+tags = ["gitlab_blocking"]
+keywords = [
+    "shpss_"
+]
+
+[[rules]]
+id = "Shopify access token"
+description = "Shopify access token"
+regex = '''shpat_[a-fA-F0-9]{32}'''
+tags = ["gitlab_blocking"]
+keywords = [
+    "shpat_"
+]
+
+[[rules]]
+id = "Shopify custom app access token"
+description = "Shopify custom app access token"
+regex = '''shpca_[a-fA-F0-9]{32}'''
+tags = ["gitlab_blocking"]
+keywords = [
+    "shpca_"
+]
+
+[[rules]]
+id = "Shopify private app access token"
+description = "Shopify private app access token"
+regex = '''shppa_[a-fA-F0-9]{32}'''
+tags = ["gitlab_blocking"]
+keywords = [
+    "shppa_"
+]
+
+[[rules]]
+id = "Slack token"
+description = "Slack token"
+regex = '''xox[baprs]-([0-9a-zA-Z]{10,48})'''
+tags = ["gitlab_blocking"]
+keywords = [
+    "xoxb",
+    "xoxa",
+    "xoxp",
+    "xoxr",
+    "xoxs",
+]
+
+[[rules]]
+id = "Stripe"
+description = "Stripe"
+regex = '''(?i)(sk|pk)_(test|live)_[0-9a-z]{10,32}'''
+tags = ["gitlab_blocking"]
+keywords = [
+    "sk_test",
+    "pk_test",
+    "sk_live",
+    "pk_live",
+]
+
+[[rules]]
+id = "PyPI upload token"
+description = "PyPI upload token"
+regex = '''pypi-AgEIcHlwaS5vcmc[A-Za-z0-9-_]{50,1000}'''
+tags = ["pypi", "revocation_type", "gitlab_blocking"]
+keywords = [
+    "pypi-AgEIcHlwaS5vcmc",
+]
+
+[[rules]]
+id = "Google (GCP) Service-account"
+description = "Google (GCP) Service-account"
+tags = ["gitlab_partner_token", "revocation_type", "gitlab_blocking"]
+regex = '''\"private_key\":\s*\"-{5}BEGIN PRIVATE KEY-{5}[\s\S]*?",'''
+keywords = [
+    "service_account",
+]
+
+[[rules]]
+id = "GCP API key"
+description = "GCP API keys can be misused to gain API quota from billed projects"
+regex = '''(?i)\b(AIza[0-9A-Za-z-_]{35})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+secretGroup = 1
+tags = ["gitlab_partner_token", "revocation_type", "gitlab_blocking"]
+keywords = [
+    "AIza",
+]
+
+[[rules]]
+id = "GCP OAuth client secret"
+description = "GCP OAuth client secrets can be misused to spoof your application"
+tags = ["gitlab_partner_token", "revocation_type", "gitlab_blocking"]
+regex = '''GOCSPX-[a-zA-Z0-9_-]{28}'''
+keywords = [
+    "GOCSPX-",
+]
+
+[[rules]]
+# demo of this regex not matching passwords in urls that contain env vars:
+# https://regex101.com/r/rT9Lv9/6
+id = "Password in URL"
+description = "Password in URL"
+regex = '''[a-zA-Z]{3,10}:\/\/[^$][^:@\/\n]{3,20}:[^$][^:@\n\/]{3,40}@.{1,100}'''
+
+
+[[rules]]
+id = "Heroku API Key"
+description = "Heroku API Key"
+regex = '''(?i)(?:heroku)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12})(?:['|\"|\n|\r|\s|\x60]|$)'''
+secretGroup = 1
+keywords = [
+    "heroku",
+]
+
+[[rules]]
+id = "Slack Webhook"
+description = "Slack Webhook"
+regex = '''https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8,12}/[a-zA-Z0-9_]{24}'''
+keywords = [
+    "https://hooks.slack.com/services",
+]
+
+[[rules]]
+id = "Twilio API Key"
+description = "Twilio API Key"
+regex = '''SK[0-9a-fA-F]{32}'''
+keywords = [
+    "SK",
+    "twilio"
+]
+
+[[rules]]
+id = "Age secret key"
+description = "Age secret key"
+regex = '''AGE-SECRET-KEY-1[QPZRY9X8GF2TVDW0S3JN54KHCE6MUA7L]{58}'''
+keywords = [
+    "AGE-SECRET-KEY-1",
+]
+
+[[rules]]
+id = "Facebook token"
+description = "Facebook token"
+regex = '''(?i)(facebook[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-f0-9]{32})['\"]'''
+secretGroup = 3
+keywords = [
+    "facebook",
+]
+
+[[rules]]
+id = "Twitter token"
+description = "Twitter token"
+regex = '''(?i)(twitter[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-f0-9]{35,44})['\"]'''
+secretGroup = 3
+keywords = [
+    "twitter",
+]
+
+[[rules]]
+id = "Adobe Client ID (Oauth Web)"
+description = "Adobe Client ID (Oauth Web)"
+regex = '''(?i)(adobe[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-f0-9]{32})['\"]'''
+secretGroup = 3
+keywords = [
+    "adobe",
+]
+
+[[rules]]
+id = "Adobe Client Secret"
+description = "Adobe Client Secret"
+regex = '''(p8e-)(?i)[a-z0-9]{32}'''
+keywords = [
+    "adobe",
+    "p8e-,"
+]
+
+[[rules]]
+id = "Alibaba AccessKey ID"
+description = "Alibaba AccessKey ID"
+regex = '''(LTAI)(?i)[a-z0-9]{20}'''
+keywords = [
+    "LTAI",
+]
+
+[[rules]]
+id = "Alibaba Secret Key"
+description = "Alibaba Secret Key"
+regex = '''(?i)(alibaba[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{30})['\"]'''
+secretGroup = 3
+keywords = [
+    "alibaba",
+]
+
+[[rules]]
+id = "Asana Client ID"
+description = "Asana Client ID"
+regex = '''(?i)(asana[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([0-9]{16})['\"]'''
+secretGroup = 3
+keywords = [
+    "asana",
+]
+
+[[rules]]
+id = "Asana Client Secret"
+description = "Asana Client Secret"
+regex = '''(?i)(asana[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{32})['\"]'''
+secretGroup = 3
+keywords = [
+    "asana",
+]
+
+[[rules]]
+id = "Atlassian API token"
+description = "Atlassian API token"
+regex = '''(?i)(atlassian[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{24})['\"]'''
+secretGroup = 3
+keywords = [
+    "atlassian",
+]
+
+[[rules]]
+id = "Bitbucket client ID"
+description = "Bitbucket client ID"
+regex = '''(?i)(bitbucket[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{32})['\"]'''
+secretGroup = 3
+keywords = [
+    "bitbucket",
+]
+
+[[rules]]
+id = "Bitbucket client secret"
+description = "Bitbucket client secret"
+regex = '''(?i)(bitbucket[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9_\-]{64})['\"]'''
+secretGroup = 3
+keywords = [
+    "bitbucket",
+]
+
+[[rules]]
+id = "Beamer API token"
+description = "Beamer API token"
+regex = '''(?i)(beamer[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](b_[a-z0-9=_\-]{44})['\"]'''
+secretGroup = 3
+keywords = [
+    "beamer",
+]
+
+[[rules]]
+id = "Clojars API token"
+description = "Clojars API token"
+regex = '''(CLOJARS_)(?i)[a-z0-9]{60}'''
+keywords = [
+    "CLOJARS_",
+]
+
+[[rules]]
+id = "Contentful delivery API token"
+description = "Contentful delivery API token"
+regex = '''(?i)(contentful[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9\-=_]{43})['\"]'''
+secretGroup = 3
+keywords = [
+    "contentful",
+]
+
+[[rules]]
+id = "Contentful preview API token"
+description = "Contentful preview API token"
+regex = '''(?i)(contentful[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9\-=_]{43})['\"]'''
+secretGroup = 3
+keywords = [
+    "contentful",
+]
+
+[[rules]]
+id = "Databricks API token"
+description = "Databricks API token"
+regex = '''dapi[a-h0-9]{32}'''
+keywords = [
+    "dapi",
+    "databricks"
+]
+
+[[rules]]
+description = "DigitalOcean OAuth Access Token"
+id = "digitalocean-access-token"
+regex = '''(?i)\b(doo_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+secretGroup = 1
+keywords = [
+    "doo_v1_",
+]
+
+[[rules]]
+description = "DigitalOcean Personal Access Token"
+id = "digitalocean-pat"
+regex = '''(?i)\b(dop_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+secretGroup = 1
+keywords = [
+    "dop_v1_",
+]
+
+[[rules]]
+description = "DigitalOcean OAuth Refresh Token"
+id = "digitalocean-refresh-token"
+regex = '''(?i)\b(dor_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+secretGroup = 1
+keywords = [
+    "dor_v1_",
+]
+
+[[rules]]
+id = "Discord API key"
+description = "Discord API key"
+regex = '''(?i)(discord[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-h0-9]{64})['\"]'''
+secretGroup = 3
+keywords = [
+    "discord",
+]
+
+[[rules]]
+id = "Discord client ID"
+description = "Discord client ID"
+regex = '''(?i)(discord[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([0-9]{18})['\"]'''
+secretGroup = 3
+keywords = [
+    "discord",
+]
+
+[[rules]]
+id = "Discord client secret"
+description = "Discord client secret"
+regex = '''(?i)(discord[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9=_\-]{32})['\"]'''
+secretGroup = 3
+keywords = [
+    "discord",
+]
+
+[[rules]]
+id = "Doppler API token"
+description = "Doppler API token"
+regex = '''['\"](dp\.pt\.)(?i)[a-z0-9]{43}['\"]'''
+keywords = [
+    "doppler",
+]
+
+[[rules]]
+id = "Dropbox API secret/key"
+description = "Dropbox API secret/key"
+regex = '''(?i)(dropbox[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{15})['\"]'''
+keywords = [
+    "dropbox",
+]
+
+[[rules]]
+id = "Dropbox short lived API token"
+description = "Dropbox short lived API token"
+regex = '''(?i)(dropbox[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](sl\.[a-z0-9\-=_]{135})['\"]'''
+keywords = [
+    "dropbox",
+]
+
+[[rules]]
+id = "Dropbox long lived API token"
+description = "Dropbox long lived API token"
+regex = '''(?i)(dropbox[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"][a-z0-9]{11}(AAAAAAAAAA)[a-z0-9\-_=]{43}['\"]'''
+keywords = [
+    "dropbox",
+]
+
+[[rules]]
+id = "Duffel API token"
+description = "Duffel API token"
+regex = '''['\"]duffel_(test|live)_(?i)[a-z0-9_-]{43}['\"]'''
+keywords = [
+    "duffel",
+]
+
+[[rules]]
+id = "Dynatrace API token"
+description = "Dynatrace API token"
+regex = '''['\"]dt0c01\.(?i)[a-z0-9]{24}\.[a-z0-9]{64}['\"]'''
+keywords = [
+    "dt0c01",
+]
+
+[[rules]]
+id = "EasyPost API token"
+description = "EasyPost API token"
+regex = '''['\"]EZAK(?i)[a-z0-9]{54}['\"]'''
+keywords = [
+    "EZAK",
+]
+
+
+[[rules]]
+id = "EasyPost test API token"
+description = "EasyPost test API token"
+regex = '''['\"]EZTK(?i)[a-z0-9]{54}['\"]'''
+keywords = [
+    "EZTK",
+]
+
+[[rules]]
+id = "Fastly API token"
+description = "Fastly API token"
+regex = '''(?i)(fastly[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9\-=_]{32})['\"]'''
+secretGroup = 3
+keywords = [
+    "fastly",
+]
+
+[[rules]]
+id = "Finicity client secret"
+description = "Finicity client secret"
+regex = '''(?i)(finicity[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{20})['\"]'''
+secretGroup = 3
+keywords = [
+    "finicity",
+]
+
+[[rules]]
+id = "Finicity API token"
+description = "Finicity API token"
+regex = '''(?i)(finicity[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-f0-9]{32})['\"]'''
+secretGroup = 3
+keywords = [
+    "finicity",
+]
+
+[[rules]]
+id = "Flutterwave public key"
+description = "Flutterwave public key"
+regex = '''FLWPUBK_TEST-(?i)[a-h0-9]{32}-X'''
+keywords = [
+    "FLWPUBK_TEST",
+]
+
+[[rules]]
+id = "Flutterwave secret key"
+description = "Flutterwave secret key"
+regex = '''FLWSECK_TEST-(?i)[a-h0-9]{32}-X'''
+keywords = [
+    "FLWSECK_TEST",
+]
+
+[[rules]]
+id = "Flutterwave encrypted key"
+description = "Flutterwave encrypted key"
+regex = '''FLWSECK_TEST[a-h0-9]{12}'''
+keywords = [
+    "FLWSECK_TEST",
+]
+
+[[rules]]
+id = "Frame.io API token"
+description = "Frame.io API token"
+regex = '''fio-u-(?i)[a-z0-9-_=]{64}'''
+keywords = [
+    "fio-u-",
+]
+
+[[rules]]
+id = "GoCardless API token"
+description = "GoCardless API token"
+regex = '''['\"]live_(?i)[a-z0-9-_=]{40}['\"]'''
+keywords = [
+    "gocardless",
+]
+
+[[rules]]
+id = "Grafana API token"
+description = "Grafana API token"
+regex = '''['\"]eyJrIjoi(?i)[a-z0-9-_=]{72,92}['\"]'''
+tags = ["gitlab_blocking"]
+keywords = [
+    "grafana",
+]
+
+[[rules]]
+id = "Hashicorp Terraform user/org API token"
+description = "Hashicorp Terraform user/org API token"
+regex = '''['\"](?i)[a-z0-9]{14}\.atlasv1\.[a-z0-9-_=]{60,70}['\"]'''
+tags = ["gitlab_blocking"]
+keywords = [
+    "atlasv1",
+    "hashicorp",
+    "terraform"
+]
+
+[[rules]]
+id = "Hashicorp Vault batch token"
+description = "Hashicorp Vault batch token"
+regex = '''b\.AAAAAQ[0-9a-zA-Z_-]{156}'''
+tags = ["gitlab_blocking"]
+keywords = [
+    "hashicorp",
+    "AAAAAQ",
+    "vault"
+]
+
+[[rules]]
+id = "Hubspot API token"
+description = "Hubspot API token"
+regex = '''(?i)(hubspot[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-h0-9]{8}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{12})['\"]'''
+secretGroup = 3
+keywords = [
+    "hubspot",
+]
+
+[[rules]]
+id = "Intercom API token"
+description = "Intercom API token"
+regex = '''(?i)(intercom[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9=_]{60})['\"]'''
+secretGroup = 3
+keywords = [
+    "intercom",
+]
+
+[[rules]]
+id = "Intercom client secret/ID"
+description = "Intercom client secret/ID"
+regex = '''(?i)(intercom[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-h0-9]{8}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{12})['\"]'''
+secretGroup = 3
+keywords = [
+    "intercom",
+]
+
+[[rules]]
+id = "Ionic API token"
+description = "Ionic API token"
+regex = '''\bion_(?i)[a-z0-9]{42}\b'''
+keywords = [
+    "ion_",
+]
+
+[[rules]]
+id = "Linear API token"
+description = "Linear API token"
+regex = '''lin_api_(?i)[a-z0-9]{40}'''
+keywords = [
+    "lin_api_",
+]
+
+[[rules]]
+id = "Linear client secret/ID"
+description = "Linear client secret/ID"
+regex = '''(?i)(linear[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-f0-9]{32})['\"]'''
+secretGroup = 3
+keywords = [
+    "linear",
+]
+
+[[rules]]
+id = "Lob API Key"
+description = "Lob API Key"
+regex = '''(?i)(lob[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]((live|test)_[a-f0-9]{35})['\"]'''
+secretGroup = 3
+keywords = [
+    "lob",
+]
+
+[[rules]]
+id = "Lob Publishable API Key"
+description = "Lob Publishable API Key"
+regex = '''(?i)(lob[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]((test|live)_pub_[a-f0-9]{31})['\"]'''
+secretGroup = 3
+keywords = [
+    "lob",
+]
+
+[[rules]]
+id = "Mailchimp API key"
+description = "Mailchimp API key"
+regex = '''(?i)(mailchimp[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-f0-9]{32}-us20)['\"]'''
+secretGroup = 3
+tags = ["gitlab_blocking"]
+keywords = [
+    "mailchimp",
+]
+
+[[rules]]
+id = "Mailgun private API token"
+description = "Mailgun private API token"
+regex = '''(?i)(mailgun[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](key-[a-f0-9]{32})['\"]'''
+secretGroup = 3
+tags = ["gitlab_blocking"]
+keywords = [
+    "mailgun",
+]
+
+[[rules]]
+id = "Mailgun public validation key"
+description = "Mailgun public validation key"
+regex = '''(?i)(mailgun[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](pubkey-[a-f0-9]{32})['\"]'''
+secretGroup = 3
+keywords = [
+    "mailgun",
+]
+
+[[rules]]
+id = "Mailgun webhook signing key"
+description = "Mailgun webhook signing key"
+regex = '''(?i)(mailgun[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-h0-9]{32}-[a-h0-9]{8}-[a-h0-9]{8})['\"]'''
+secretGroup = 3
+tags = ["gitlab_blocking"]
+keywords = [
+    "mailgun",
+]
+
+[[rules]]
+id = "Mapbox API token"
+description = "Mapbox API token"
+regex = '''(?i)(pk\.[a-z0-9]{60}\.[a-z0-9]{22})'''
+keywords = [
+    "mapbox",
+]
+
+[[rules]]
+id = "messagebird-api-token"
+description = "MessageBird API token"
+regex = '''(?i)(messagebird[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{25})['\"]'''
+secretGroup = 3
+keywords = [
+    "messagebird",
+]
+
+[[rules]]
+id = "MessageBird API client ID"
+description = "MessageBird API client ID"
+regex = '''(?i)(messagebird[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-h0-9]{8}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{12})['\"]'''
+secretGroup = 3
+keywords = [
+    "messagebird",
+]
+
+[[rules]]
+id = "New Relic user API Key"
+description = "New Relic user API Key"
+regex = '''['\"](NRAK-[A-Z0-9]{27})['\"]'''
+tags = ["gitlab_blocking"]
+keywords = [
+    "NRAK",
+]
+
+[[rules]]
+id = "New Relic user API ID"
+description = "New Relic user API ID"
+regex = '''(?i)(newrelic[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([A-Z0-9]{64})['\"]'''
+secretGroup = 3
+tags = ["gitlab_blocking"]
+keywords = [
+    "newrelic",
+]
+
+[[rules]]
+id = "New Relic ingest browser API token"
+description = "New Relic ingest browser API token"
+regex = '''['\"](NRJS-[a-f0-9]{19})['\"]'''
+keywords = [
+    "NRJS",
+]
+
+[[rules]]
+id = "npm access token"
+description = "npm access token"
+regex = '''['\"](npm_(?i)[a-z0-9]{36})['\"]'''
+tags = ["gitlab_blocking"]
+keywords = [
+    "npm_",
+]
+
+[[rules]]
+id = "Planetscale password"
+description = "Planetscale password"
+regex = '''pscale_pw_(?i)[a-z0-9\-_\.]{43}'''
+keywords = [
+    "pscale_pw_",
+]
+
+[[rules]]
+id = "Planetscale API token"
+description = "Planetscale API token"
+regex = '''pscale_tkn_(?i)[a-z0-9\-_\.]{43}'''
+keywords = [
+    "pscale_tkn_",
+]
+
+[[rules]]
+id = "Postman API token"
+description = "Postman API token"
+regex = '''PMAK-(?i)[a-f0-9]{24}\-[a-f0-9]{34}'''
+keywords = [
+    "PMAK-",
+]
+
+[[rules]]
+id = "Pulumi API token"
+description = "Pulumi API token"
+regex = '''pul-[a-f0-9]{40}'''
+keywords = [
+    "pul-",
+]
+
+[[rules]]
+id = "Rubygem API token"
+description = "Rubygem API token"
+regex = '''rubygems_[a-f0-9]{48}'''
+tags = ["gitlab_blocking"]
+keywords = [
+    "rubygems_",
+]
+
+[[rules]]
+id = "Segment Public API token"
+description = "Segment Public API token"
+regex = '''sgp_[a-zA-Z0-9]{64}'''
+tags = ["gitlab_blocking"]
+keywords = [
+    "sgp_",
+]
+
+[[rules]]
+id = "Sendgrid API token"
+description = "Sendgrid API token"
+regex = '''SG\.(?i)[a-z0-9_\-\.]{66}'''
+tags = ["gitlab_blocking"]
+keywords = [
+    "sendgrid",
+]
+
+[[rules]]
+id = "Sendinblue API token"
+description = "Sendinblue API token"
+regex = '''xkeysib-[a-f0-9]{64}\-(?i)[a-z0-9]{16}'''
+keywords = [
+    "xkeysib-",
+]
+
+[[rules]]
+id = "Sendinblue SMTP token"
+description = "Sendinblue SMTP token"
+regex = '''xsmtpsib-[a-f0-9]{64}\-(?i)[a-z0-9]{16}'''
+keywords = [
+    "xsmtpsib-",
+]
+
+[[rules]]
+id = "Shippo API token"
+description = "Shippo API token"
+regex = '''shippo_(live|test)_[a-f0-9]{40}'''
+keywords = [
+    "shippo_",
+]
+
+[[rules]]
+id = "Linkedin Client secret"
+description = "Linkedin Client secret"
+regex = '''(?i)(linkedin[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z]{16})['\"]'''
+secretGroup = 3
+keywords = [
+    "linkedin",
+]
+
+[[rules]]
+id = "Linkedin Client ID"
+description = "Linkedin Client ID"
+regex = '''(?i)(linkedin[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{14})['\"]'''
+secretGroup = 3
+keywords = [
+    "linkedin",
+]
+
+[[rules]]
+id = "Twitch API token"
+description = "Twitch API token"
+regex = '''(?i)(twitch[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{30})['\"]'''
+secretGroup = 3
+keywords = [
+    "twitch",
+]
+
+[[rules]]
+id = "Typeform API token"
+description = "Typeform API token"
+regex = '''(?i)(typeform[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}(tfp_[a-z0-9\-_\.=]{59})'''
+secretGroup = 3
+keywords = [
+    "typeform",
+]
+
+[[rules]]
+id = "Yandex.Cloud IAM Cookie v1 - 1"
+description = "Yandex.Cloud IAM Cookie v1"
+regex = '''\bc1\.[A-Z0-9a-z_-]+[=]{0,2}\.[A-Z0-9a-z_-]{86}[=]{0,2}['|\"|\n|\r|\s|\x60]'''
+keywords = [
+    "yandex",
+]
+
+[[rules]]
+id = "Yandex.Cloud IAM Cookie v1 - 2"
+description = "Yandex.Cloud IAM Token v1"
+regex = '''\bt1\.[A-Z0-9a-z_-]+[=]{0,2}\.[A-Z0-9a-z_-]{86}[=]{0,2}['|\"|\n|\r|\s|\x60]'''
+keywords = [
+    "yandex",
+]
+
+[[rules]]
+id = "Yandex.Cloud IAM Cookie v1 - 3"
+description = "Yandex.Cloud IAM API key v1"
+regex = '''\bAQVN[A-Za-z0-9_\-]{35,38}['|\"|\n|\r|\s|\x60]'''
+keywords = [
+    "yandex",
+]
+
+[[rules]]
+id = "Yandex.Cloud AWS API compatible Access Secret"
+description = "Yandex.Cloud AWS API compatible Access Secret"
+regex = '''\bYC[a-zA-Z0-9_\-]{38}['|\"|\n|\r|\s|\x60]'''
+keywords = [
+    "yandex",
+]
+
+[[rules]]
+id = "Meta access token"
+description = "Meta access token"
+regex = '''\bEA[a-zA-Z0-9]{90,400}['|\"|\n|\r|\s|\x60]'''
+keywords = [
+    "EA",
+]
+
+[[rules]]
+id = "Oculus access token"
+description = "Oculus access token"
+regex = '''\bOC[a-zA-Z0-9]{90,400}['|\"|\n|\r|\s|\x60]'''
+keywords = [
+    "OC",
+]
+
+[[rules]]
+id = "Instagram access token"
+description = "Instagram access token"
+regex = '''\bIG[a-zA-Z0-9]{90,400}['|\"|\n|\r|\s|\x60]'''
+keywords = [
+    "IG",
+]
+
+[[rules]]
+id = "CircleCI access tokens"
+description = "CircleCI access tokens"
+regex = '''\bCCI(?:PAT|PRJ)_[a-zA-Z0-9]{22}_[a-f0-9]{40}'''
+keywords = [
+    "CircleCI"
+]
+
+[[rules]]
+description = "Open AI API key"
+id = "open ai token"
+regex = '''\bsk-[a-zA-Z0-9]{48}\b'''
+keywords = [
+    "sk-",
+]
+
+[[rules]]
+id = "Tailscale key"
+description = "Tailscale keys"
+regex = '''\btskey-\w+-\w+-\w+\b'''
+keywords = [
+    "tskey-",
+]