2026-04-12 01:06:31 +07:00

Secret Detection Patterns

Grep patterns for detecting hardcoded secrets. Use them with the Grep tool and exclude test and example files.

High Confidence (Structured format, low false positive)

AWS

AKIA[0-9A-Z]{16}

GitHub (Classic + Fine-grained)

gh[pousr]_[A-Za-z0-9_]{36,255}
github_pat_[A-Za-z0-9_]{22,}

Stripe

sk_live_[0-9a-zA-Z]{24,}
rk_live_[0-9a-zA-Z]{24,}

Slack

xox[baprs]-[0-9a-zA-Z-]{10,}

Google Cloud

AIza[0-9A-Za-z_-]{35}

Anthropic

sk-ant-[A-Za-z0-9_-]{40,}

Private Keys

-----BEGIN (RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----

JWT / Bearer Tokens (in code, not headers)

eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}

Medium Confidence (Need context verification)

Generic API Keys

(?i)(api[_-]?key|apikey|api[_-]?secret)\s*[:=]\s*['"][A-Za-z0-9/+=]{16,}['"]

Database URLs

(?i)(postgres|mysql|mongodb|redis)://[^:]+:[^@]+@

Passwords in Code

(?i)(password|passwd|pwd)\s*[:=]\s*['"][^'"]{8,}['"]

Generic Secrets

(?i)(secret|token|credential)\s*[:=]\s*['"][A-Za-z0-9/+=]{16,}['"]

Exclusion Patterns

Skip matches in these contexts:

  • Files: *.example, *.test.*, *.spec.*, *.md, *.txt
  • Directories: node_modules/, dist/, vendor/, __pycache__/
  • Content: Lines containing TODO, FIXME, YOUR_, REPLACE_, xxx, placeholder
  • Content: Variable declarations without actual values, e.g. "= process.env." or "= os.getenv("
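
The patterns and exclusion rules above, combined into one scanner. This is an added example, not part of the original file: the names scan and path_excluded, the ENV_LOOKUP regex and the sample tree are assumptions made for illustration, and only four of the page's patterns are included.

```python
import re
from fnmatch import fnmatchcase
from pathlib import PurePosixPath

# Four patterns copied from this page: (label, confidence, regex).
PATTERNS = [
    ("aws-access-key", "high", re.compile(r"AKIA[0-9A-Z]{16}")),
    ("private-key", "high", re.compile(r"-----BEGIN (RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----")),
    ("database-url", "medium", re.compile(r"(?i)(postgres|mysql|mongodb|redis)://[^:]+:[^@]+@")),
    ("password", "medium", re.compile(r"(?i)(password|passwd|pwd)\s*[:=]\s*['\"][^'\"]{8,}['\"]")),
]
SKIP_FILES = ["*.example", "*.test.*", "*.spec.*", "*.md", "*.txt"]
SKIP_DIRS = {"node_modules", "dist", "vendor", "__pycache__"}
SKIP_MARKERS = ["TODO", "FIXME", "YOUR_", "REPLACE_", "xxx", "placeholder"]
# Assumed regex form of the "= process.env." / "= os.getenv(" content rule.
ENV_LOOKUP = re.compile(r"=\s*(process\.env\.|os\.getenv\()")

def path_excluded(path):
    """True if the path sits in a skipped directory or matches a skipped file glob."""
    p = PurePosixPath(path)
    if SKIP_DIRS.intersection(p.parts[:-1]):
        return True
    return any(fnmatchcase(p.name, glob) for glob in SKIP_FILES)

def scan(files):
    """files maps path -> text; returns (path, line_no, label, confidence) tuples."""
    findings = []
    for path, text in files.items():
        if path_excluded(path):
            continue
        for line_no, line in enumerate(text.splitlines(), 1):
            if any(m in line for m in SKIP_MARKERS) or ENV_LOOKUP.search(line):
                continue
            for label, confidence, regex in PATTERNS:
                if regex.search(line):
                    findings.append((path, line_no, label, confidence))
    return findings

# Constructed sample tree; the AWS value is the example key from AWS documentation.
SAMPLE = {
    "src/config.py": 'AWS_KEY = "AKIAIOSFODNN7EXAMPLE"\n'
                     'DB_URL = os.getenv("DB_URL", "postgres://dev:devpass@localhost/dev")\n'
                     'password = "REPLACE_with_real_one"\n',
    "src/db.js": 'const url = "postgres://app:s3cretpw@db.internal:5432/app";\n',
    "src/db.test.js": 'const pwd = "hunter2hunter2";\n',
    "node_modules/lib/index.js": 'const k = "AKIAIOSFODNN7EXAMPLE";\n',
}

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

On the sample, the fallback URL on line 2 of src/config.py is suppressed by the environment-lookup rule even though it embeds a credential, so line-level exclusions are worth spot-checking.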