Below is an evolving list of of code secrets that BluBracket identifies and reports. The list will continue to grow and be updated. If there is a secret type that you would like to have BluBracket search for please submit a ticket to support@blubracket.zendesk.com.
Secret Type | Description | Example(s) |
password_assignment | Potential password assignment |
|
secret_assignment | Potential secret assignment |
|
credential_assignment | Potential credential assignment |
|
google_api_key | Potential Google API key |
|
google_api_key_base64 | Potential Google API key (base64) | `QUl6YVN5QS1rM1VtRWVDRDZLcHlTcDNjU0FsR0p3WFROVl9veWJN` |
google_oauth | Potential Google OAuth |
|
google_oauth_access_token | Potential Google OAuth access token |
|
google_oauth_access_token_base64 | Potential Google OAuth access token (base64) | `eWEyOS5zZDhrZUNtczJzd3gyc0pOVzhrV3hxemoz` |
aws_access_key_id | Potential AWS access key ID |
|
aws_access_key_id_base64 | Potential AWS access key ID (base64) | `QUtJQTJFMEE4RjNCMjQ0Qzk5ODY non-token` |
aws_secret_key | Potential AWS Secret key |
|
aws_account_id | Potential AWS account ID |
|
aws_mws_key | Potential AWS MWS key |
|
aws_mws_key_base64 | Potential AWS MWS key (base64) | `YW16bi5td3MuYThmYzAzZDctN2ViMy1jOTJmLWIzYWEtYWU5M2NiZmY3YWNk` |
github_token | Potential GitHub token |
|
github_access_token|github_oauth_client_secret | Potential GitHub Personal Access Token or OAuth Client Secret |
|
github_token_base64|github_access_token_base64|github_oauth_client_secret_base64 | Potential GitHub Personal Access Token or OAuth Client Secret (base64) | ``githUb_token`: 'OXFqeHNqcTZIV0JYS0FPUDg3SUpIbWhzVzgwMzhkNzNEbTllRHU'` |
github_personal_access_token | Potential GitHub personal access token | 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 |
github_oauth_client_id | Potential GitHub OAuth Client ID |
|
github_user_to_server_token | Potential GitHub user-to-server token | `ghu_16C7e42F292c6912E7710c838347Ae178B4a` |
github_server_to_server_token | Potential GitHub server-to-server token | `ghs_16C7e42F292c6912E7710c838347Ae178B4a` |
github_refresh_token | Potential GitHub refresh token | `ghr_1B4a2e77838347a7E420ce178F2E7c6912E169246c34E1ccbF66C46812d16D5B1A9Dc86A1498` |
gitlab_oauth_application_id_base64|gitlab_oauth_secret_base64 | Potential Base64 Encoded GitLab OAuth application id or secret | `gitLab: "Yzc0ZjNjZmQ0NDk0OWM3MGY3ZjM1NjEyOTViNjdlNjgyZDdlNGZmNjY5OTViNjdkNGUxNTRmZTMxMjU0ODFhOA=="` |
gitlab_access_token | Potential GitLab Access Token |
|
gitlab_oauth_application_id|gitlab_oauth_secret | Potential GitLab OAuth Applicaiton ID or GitLab OAuth Secret |
|
bitbucket_app_password | Potential Bitbucket App Password |
|
bitbucket_app_password_base64 | Potential Bitbucket App Password (base64) | `bitbucKet-app_token := "WXBIZFVTUEFCOWFETnV3VnE4dUs="` |
bitbucket_oauth_key | Potential Bitbucket OAuth Key |
|
bitbucket_oauth_key_base64 | Potential Bitbucket OAuth Key (base64) | `bitbUCket_key= TkNubkhTWGJNVm1KWnI4RDhx` |
bitbucket_oauth_secret | Potential Bitbucket OAuth Secret |
|
bitbucket_oauth_secret_base64 | Potential Bitbucket OAuth Secret (base64) | `"bitbuckeT_secret": "Q01KMmJLWlVQQXpYZXpUd05HWHlXRHNlZ1Q4WlczWWQ"` |
azure_active_directory_client_id | Potential Azure Active Directory Client ID |
|
azure_active_directory_client_secret | Potential Azure Active Directory Client Secret |
|
azure_active_directory_client_secret_base64 | Potential Azure Active Directory Client Secret (base64) | `aZure_client_secret="SVt3Si1dRExyTFduYzBlRi11cEFtdVhlY0lMZVM2MzA="` |
azure_access_token | Potential Azure Access Token |
|
azure_access_token_base64 | Potential Azure Access Token (base64) | `'azUre_token'= "cjVudDY0aWt1emhvaGZtN3I0cm1kazJnZDV1bmI0dGI3ZWJlcmxvbWJxYXpzaHJmZHIzcQ=="` |
microsoft_id_token | Potential Microsoft Identity Platform ID Token |
|
atlassian_api_token | Potential Atlassian API Token |
|
atlassian_api_token_base64 | Potential Atlassian API Token (base64) | `my_jira_token="eGJFMFo0bFBscnN4Q3NiUWxqU0Q3QUZG"` |
dropbox_app_key_secret | Potential Dropbox App Key or App Secret |
|
dropbox_app_key_secret_base64 | Potential Dropbox App Key or App Secret (base64) | `DROPBOX_APP_KEY: "NGZ5eXp4NzNhZWVvdXV5"` |
dropbox_app_access_refresh_token | Potential Dropbox App Access Token |
|
dropbox_app_access_refresh_token_base64 | Potential Dropbox App Access Token (base64) | `dropbox_app_access_token: 'c1RhZVhqUGwta0FBQUFBQUFBQUFFNFBTSENhYy1yYVIzMXVlU2VGWlVTSEJKNXRsTUd2eU84TWVYUmFSUU9yVQ=='` |
box_client_id_secret | Potential Box client id or client secret | `box_client_id: "2zljm7yivjhfz9in4dkr566vk4xpje5y"` |
box_client_id_secret_base64 | Potential Box client id or client secret (base64) | `box_client_id: "Mnpsam03eWl2amhmejlpbjRka3I1NjZ2azR4cGplNXkK"` |
box_refresh_token | Potential Box refresh token | `box_refresh_token: "Q8j0kTwbhQXHO95FAKg5zTfKhDwGWOUQyRue8i7njJoqWAwdRKfAPw4oK6zF3dPv"` |
box_refresh_token_base64 | Potential Box refresh token (base64) | `box_refresh_token: "UThqMGtUd2JoUVhITzk1RkFLZzV6VGZLaER3R1dPVVF5UnVlOGk3bmpKb3FXQXdkUktmQVB3NG9LNnpGM2RQdgo="` |
discord_client_id | Potential Discord Client ID |
|
discord_client_secret | Potential Discord Client Secret |
|
slack_legacy_token | Potential Slack Legacy Token |
|
slack_legacy_token_base64 | Potential Slack Legacy Token (base64) | `eG94cC01NTk4NTkwNDE3MzMtNjI5NzIzNjU0NDM1LTc1MjM2NDE4MjAwNy05ZWFkODk5NDA1MWRhNzFhMDc3NGRiOTY1YjE2YTYwYg==` |
slack_app_client_id | Potential Slack App Client ID |
|
slack_app_client_secret|slack_app_signing_secret | Potential Slack App Client Secret or Slack App Signing Secret |
|
slack_app_verification_token | Potential Slack App Verification Token |
|
slack_app_verification_token_base64 | Potential Slack App Verification Token (base64) | `slack_token: "QmsxRDdCeFNiR1J0dFpZcHluZ05aQlNS"` |
slack_bot_user_token | Potential Slack Bot User Token |
|
slack_bot_user_token_base64 | Potential Slack Bot User Token (base64) | `eG94Yi01NTk4NTkwNDE3MzMtNjI5NzIzNjU0NDM1LTc1MjM2NDE4MjAwNy05ZWFkODk5NDA1MWRhNzFhMDc3NGRiOTY1YjE2YTYwYg==` |
slack_workspace_token | Potential Slack Workspace Token |
|
slack_workspace_token_base64 | Potential Slack Workspace Token (base64) | `eG94YS0yNTk4NTkwNDE3MzMtNjI5NzIzNjU0NDM1LTc1MjM2NDE4MjAwNy05ZWFkODk5NDA1MWRhNzFhMDc3NGRiOTY1YjE2YTYwYg==` |
slack_webhook | Potential Slack Webhook | `https://hooks.slack.com/services/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` |
stripe_test_secret_key | Potential Stripe Test Secret Key |
|
stripe_test_secret_key_base64 | Potential Stripe Test Secret Key (base64) | `c2tfdGVzdF80ZUMzOUhxTHlqV0Rhcmp0VDF6ZHA3ZGM=` |
stripe_live_secret_key | Potential Stripe live secret key | `sk_live_MfRuaFA9sgl5e1AUYzjwiNNt00UG6t6fvY` |
stripe_live_secret_key_base64 | Potential Stripe live secret key (base64) | `c2tfbGl2ZV9NZlJ1YUZBOXNnbDVlMUFVWXpqd2lOTnQwMFVHNnQ2ZnZZ` |
stripe_test_restricted_key | Potential Stripe Test Restricted Key |
|
stripe_test_restricted_key_base64 | Potential Stripe Test Restricted Key (base64) | `cmtfdGVzdF9adTlWejEyZUlZRk5kR29GS2U4YVlpUW4wMGdjY2xVdlMw` |
stripe_live_restricted_key | Potential Stripe live restricted key | `rk_live_Zu9Vz12eIYFNdGoFKe8aYiQn00gcclUvS0` |
stripe_live_restricted_key_base64 | Potential Stripe live restricted key (base64) | `cmtfbGl2ZV9adTlWejEyZUlZRk5kR29GS2U4YVlpUW4wMGdjY2xVdlMw` |
mailgun_private_api_key | Potential Mailgun Private API Key |
|
mailgun_private_api_key_base64 | Potential Mailgun Private API Key (base64) | `"mailgUn_key": 'a2V5LWIxMWI0ODcyMjRhN2MxODRmZWQ5Mzc5NWJmMDFhZGM5'` |
mailgun_public_validation_key | Potential Mailgun Public Validation Key |
|
mailgun_public_validation_key_base64 | Potential Mailgun Public Validation Key (base64) | `cHVia2V5LTE0YjQ0NzRkYTBkMGE2NTUxYTljNzExZWUxMWFhOTk2` |
mailgun_webhook_signing_key | Potential Mailgun Webhook Signing Key |
|
mailgun_webhook_signing_key_base64 | Potential Mailgun Webhook Signing Key (base64) | `mailgun_key='MTUzMDRhOGEwNTU4NjM3ZDgxODc2MzBkZGYxMWRmMWE='` |
sendgrid_api_key | Potential Sendgrid API Key |
|
sendgrid_api_key_base64 | Potential Sendgrid API Key (base64) | `U0cucFcyWFhnNi1UY2E4YkNCVEMwRWlZUS5ZNXBDOFNqZmJ3WWxNTURSaVQ5TTZxN0VmOWIzX0RDSGtQNS0zaXNYM3dN` |
twilio_auth_token|twilio_api_key | Potential Twilio Auth Token or API Key |
|
twilio_auth_token_base64 | Potential Twilio Auth Token or API Key (base64) | `twilio_token="NjkyZTAzYmZkZGQwOWQ4NTk0NmUxMzE5ZGQ1ZTdjNjE="` |
npm_access_token | Potential NPM Access Token |
|
npm_access_token_base64 | Potential NPM Access Token (base64) | `npm : `Zjc0ZmI2YzctMTVkNy00NmU3LTg1YjQtMDJjYTQ5ODhiZDNj`` |
npmrc_auth | Potential .npmrc Auth | `_auth = YWRtaW46YWRtaW4=` |
npmrc_auth_token | Potential .npmrc Auth token | `_authToken=26dfe8d8-889b-4380-92ff-9c3c6ea5d930` |
pulumi_access_token | Potential Pulumi Access Token |
|
pulumi_access_token_base64 | Potential Pulumi Access Token (base64) | `cHVsLWI1MjFlYWJlYmM0YjMxMmViMjMzNWJlYjdhOTExZjllYjdmMDc4YzI=` |
alibaba_access_key_secret | Potential Alibaba Cloud Access Key Secret |
|
alibaba_access_key_secret_base64 | Potential Alibaba Cloud Access Key Secret (base64) | `alibaba_access_key ='M2lodkdsa2xEUFNYcjIyZG51bnJIVHBaTzRhS21T'` |
codeship_aes_key | Potential Cloudbees Codeship AES Key Secret |
|
postman_api_key | Potential Postman API Key |
|
postman_api_key_base64 | Potential Postman API Key (base64) | `postman-api-key='UE1BSy01ZTFjNjg4OTA3M2I4NDAwMzEwODg2ZTAtNDA4OTU5NjljYzViYjUxOTQ0ZmNlMTUzZTk0YzMzZjNiOQ=='` |
terraform_access_token | Potential Terraform Access Token |
|
gocardless_access_token | Potential Gocardless Cloud Access Token |
|
gocardless_access_token_base64 | Potential Gocardless Cloud Access Token (base64) | `goCardLessToken = bGl2ZV9US1dJbWhGcG9UUnB6T0licFJoRFMzLWV6R2EtLW50NE85S1UxSGQx` |
password_in_xml | Potential password in XML |
|
secret_in_xml | Potential secret in XML |
|
password_function | Potential password in function |
|
secret_function | Potential secret in function |
|
password_in_url | Potential password in URL |
|
password_in_url_params | Potential password in params | `https://user:password@github.com/blubracket/rocks?passwd=1234` |
secret_in_url_params | Potential secret in params | `https://github.com/blubracket/rocks?secret=1234` |
private_key | Potential Private Key | `-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-L1D9CN2WmfoLeIBBJdQ2YngfSz…….. ==\n-----END RSA PRIVATE KEY-----` |
pgp_private_key | Potential PGP Private Key | `-----BEGIN PGP PRIVATE KEY BLOCK-----` |
blubracket_api_key | Potential BluBracket API key | `api_key="BLU-72de3a5f-b1ff-5a7f-a5ae-1a9cf5a98b27"` |
blubracket_api_key_base64 | Potential BluBracket API key (base64) | `api_key="QkxVLTcyZGUzYTVmLWIxZmYtNWE3Zi1hNWFlLTFhOWNmNWE5OGIyNw=="` |
basic_auth_header | Potential Basic Auth Header | `sh "set -e | curl -i -H 'Authorization: Basic QWxhZGRpbjpPcGVuU2VzYW1l' -T BackEnd/build/libs/example_api-0.1.0.jar` |
jwt_token | Potential Generic JWT token | `jwt_access_token = "eyJhbGciOiJSUzI1NiIsImlzc3VlciI6InVybjpibHUiLCJyb2xlIjozLCJzZXJ2aWNlX2tleV9wYXRoIjoiL2FwaS9hbmFseXplci9wdWJsaWNfa2V5IiwidHlwIjoiSldUIn0.eyJleHAiOjE2MDUzMTI0MTksImlhdCI6MTYwNTMxMjM1OSwiaWQiOiJ0b2tlbl9pZCIsIm5idCI6MTYwNTMxMjM1OX0.l-MjVG33Ca76gtuiFLI-_AasHEsoMA3WcC36YvW0IHyQp-160z2Idc-sMdaJD8AwMsFto45vqnusDFkS1UYO7mZhU6sufv6pIMH86Ll7NwYvPzirqkWys40pvoXZdxxb3X5IBFTB8p9EuvLGOPUPFbEkA_if5jmExXjKUY98q0s"` |
Comments
0 comments
Please sign in to leave a comment.