# List of glob patterns to match files to look for secrets in
globs:
  - "**"
  - "!**/package-lock.json"
  - "!**/shrinkwrap.yaml"
  - "!**/yarn.lock"

secrets:
  # List of secrets, with regex and description
  # These come from Table III at https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_04B-3_Meli_paper.pdf
  - secret:
        pattern: "[1-9][0-9]+-[0-9a-zA-Z]{40}"
        description: "Twitter access token"
  - secret:
        pattern: "EAACEdEose0cBA[0-9A-Za-z]+"
        description: "Facebook access token"
  - secret:
        pattern: "AIza[0-9A-Za-z\-_]{35}"
        description: "Google API key"
  - secret:
        pattern: "[0-9]+-[0-9A-Za-z_]{32}\.apps\.googleusercontent\.com"
        description: "Google Oauth ID"
  - secret:
        pattern: "sk_live_[0-9a-z]{32}"
        description: "Picatic API Key"
  - secret:
        pattern: "sk_live_[0-9a-zA-Z]{24}"
        description: "Stripe regular API key"
  - secret:
        pattern: "sq0csp-[0-9A-Za-z\-_]{43}"
        description: "Stripe restricted API key"
  - secret:
        pattern: "sq0atp-[0-9A-Za-z\-_]{22}"
        description: "Square access token"
  - secret:
        pattern: "sq0csp-[0-9A-Za-z\-_]{43}"
        description: "Square Oauth Secret"
  - secret:
        pattern: "access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}"
        description: "PayPal Braintree access token"
  - secret:
        pattern: "amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
        description: "Amazon MWS auth token"
  - secret:
        pattern: "SK[0-9a-fA-F]{32}"
        description: "Twilio API key"
  - secret:
        pattern: "key-[0-9a-zA-Z]{32}"
        description: "MailGun API key"
  - secret:
        pattern: "[0-9a-f]{32}-us[0-9]{1,2}"
        description: "MailChimp API key"
  - secret:
        pattern: "AKIA[0-9A-Z]{16}"
        description: "AWS access key ID"

# List of acceptable secret-like literals
whitelist: