diff --git a/config/gitleaks.toml b/config/gitleaks.toml
index 8662dfc69..0cecac5a8 100644
--- a/config/gitleaks.toml
+++ b/config/gitleaks.toml
@@ -2,33 +2,33 @@
 title = "gitleaks config"
 # Gitleaks rules are defined by regular expressions and entropy ranges.
 # Some secrets have unique signatures which make detecting those secrets easy.
-# Examples of those secrets would be Gitlab Personal Access Tokens, AWS keys, and Github Access Tokens. 
+# Examples of those secrets would be Gitlab Personal Access Tokens, AWS keys, and Github Access Tokens.
 # All these examples have defined prefixes like `glpat`, `AKIA`, `ghp_`, etc.
-# 
+#
 # Other secrets might just be a hash which means we need to write more complex rules to verify
 # that what we are matching is a secret.
-# 
+#
 # Here is an example of a semi-generic secret
 #
 # discord_client_secret = "8dyfuiRyq=vVc3RRr_edRk-fK__JItpZ"
-# 
+#
-# We can write a regular expression to capture the variable name (identifier), 
+# We can write a regular expression to capture the variable name (identifier),
 # the assignment symbol (like '=' or ':='), and finally the actual secret.
 # The structure of a rule to match this example secret is below:
 #
-# Beginning string
-# quotation
-# │ End string quotation
-# │ │
-# ▼ ▼
-# (?i)(discord[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9=_\-]{32})['\"]
-# 
-# ▲ ▲ ▲
-# │ │ │
-# │ │ │
-# identifier assignment symbol
-# Secret
-# 
+# Beginning string
+# quotation
+# │ End string quotation
+# │ │
+# ▼ ▼
+# (?i)(discord[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9=_\-]{32})['\"]
+#
+# ▲ ▲ ▲
+# │ │ │
+# │ │ │
+# identifier assignment symbol
+# Secret
+#
 [[rules]]
 id = "gitlab-pat"
 description = "GitLab Personal Access Token"
@@ -381,7 +381,7 @@ secretGroup = 3
 [[rules]]
 id = "ionic-api-token"
 description = "Ionic API token"
-regex = '''ion_(?i)[a-z0-9]{42}'''
+regex = '''(?i)(ionic[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](ion_[a-z0-9]{42})['\"]'''
 
 [[rules]]
 id = "linear-api-token"
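Review bot: The new `ionic-api-token` regex places the token in capture group 3, but the rule (fully visible here: `id`, `description`, `regex`, then the next `[[rules]]`) sets no `secretGroup`, so as far as I can tell gitleaks will treat the whole match — identifier, assignment symbol and quotes — as the secret rather than the bare `ion_…` value; add `secretGroup = 3` directly after the `regex` line, as the preceding rule in the hunk header context already does. The change also narrows detection: the old pattern matched a bare `ion_` token anywhere in a file, while the new one only matches a quoted value assigned to an `ionic…`-named identifier, so a token sitting in a header, URL or unquoted config line will no longer be flagged — if false positives motivated this, a one-line comment above the rule stating that trade-off would help the next maintainer. Moving `(?i)` to the front of the pattern additionally makes the `ion_` prefix case-insensitive, which the previous regex did not permit; confirm that is intended.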