id: credentials-disclosure # Extract secrets regex like api keys, password, token, etc ... for different services # Always validate the leaked key/tokens/passwords to make sure it's valid, a token/keys without any impact is not an valid issue. # Severity is not fixed in this case, it varies from none to critical depending upon impact of disclosed key/tokes. # Regex count:- 687 # Notes:- # This template requires manual inspection once found valid match. # Generic token could be anything matching below regex. # Impact of leaked token depends on validation of leaked token. info: name: Credentials Disclosure Check author: Sy3Omda severity: info description: Look for multiple keys/tokens/passwords in the page response. tags: token requests: - method: GET path: - "{{BaseURL}}" extractors: - type: regex part: body regex: - "zopim[_-]?account[_-]?key(=| =|:| :)" - "zhuliang[_-]?gh[_-]?token(=| =|:| :)" - "zensonatypepassword(=| =|:| :)" - "zendesk[_-]?travis[_-]?github(=| =|:| :)" - "yt[_-]?server[_-]?api[_-]?key(=| =|:| :)" - "yt[_-]?partner[_-]?refresh[_-]?token(=| =|:| :)" - "yt[_-]?partner[_-]?client[_-]?secret(=| =|:| :)" - "yt[_-]?client[_-]?secret(=| =|:| :)" - "yt[_-]?api[_-]?key(=| =|:| :)" - "yt[_-]?account[_-]?refresh[_-]?token(=| =|:| :)" - "yt[_-]?account[_-]?client[_-]?secret(=| =|:| :)" - "yangshun[_-]?gh[_-]?token(=| =|:| :)" - "yangshun[_-]?gh[_-]?password(=| =|:| :)" - "www[_-]?googleapis[_-]?com(=| =|:| :)" - "wpt[_-]?ssh[_-]?private[_-]?key[_-]?base64(=| =|:| :)" - "wpt[_-]?ssh[_-]?connect(=| =|:| :)" - "wpt[_-]?report[_-]?api[_-]?key(=| =|:| :)" - "wpt[_-]?prepare[_-]?dir(=| =|:| :)" - "wpt[_-]?db[_-]?user(=| =|:| :)" - "wpt[_-]?db[_-]?password(=| =|:| :)" - "wporg[_-]?password(=| =|:| :)" - "wpjm[_-]?phpunit[_-]?google[_-]?geocode[_-]?api[_-]?key(=| =|:| :)" - "wordpress[_-]?db[_-]?user(=| =|:| :)" - "wordpress[_-]?db[_-]?password(=| =|:| :)" - "wincert[_-]?password(=| =|:| :)" - "widget[_-]?test[_-]?server(=| =|:| :)" - "widget[_-]?fb[_-]?password[_-]?3(=| =|:| :)" - "widget[_-]?fb[_-]?password[_-]?2(=| =|:| :)" - "widget[_-]?fb[_-]?password(=| =|:| :)" - "widget[_-]?basic[_-]?password[_-]?5(=| =|:| :)" - "widget[_-]?basic[_-]?password[_-]?4(=| =|:| :)" - "widget[_-]?basic[_-]?password[_-]?3(=| =|:| :)" - "widget[_-]?basic[_-]?password[_-]?2(=| =|:| :)" - "widget[_-]?basic[_-]?password(=| =|:| :)" - "watson[_-]?password(=| =|:| :)" - "watson[_-]?device[_-]?password(=| =|:| :)" - "watson[_-]?conversation[_-]?password(=| =|:| :)" - "wakatime[_-]?api[_-]?key(=| =|:| :)" - "vscetoken(=| =|:| :)" - "visual[_-]?recognition[_-]?api[_-]?key(=| =|:| :)" - "virustotal[_-]?apikey(=| =|:| :)" - "vip[_-]?github[_-]?deploy[_-]?key[_-]?pass(=| =|:| :)" - "vip[_-]?github[_-]?deploy[_-]?key(=| =|:| :)" - "vip[_-]?github[_-]?build[_-]?repo[_-]?deploy[_-]?key(=| =|:| :)" - "v[_-]?sfdc[_-]?password(=| =|:| :)" - "v[_-]?sfdc[_-]?client[_-]?secret(=| =|:| :)" - "usertravis(=| =|:| :)" - "user[_-]?assets[_-]?secret[_-]?access[_-]?key(=| =|:| :)" - "user[_-]?assets[_-]?access[_-]?key[_-]?id(=| =|:| :)" - "use[_-]?ssh(=| =|:| :)" - "us[_-]?east[_-]?1[_-]?elb[_-]?amazonaws[_-]?com(=| =|:| :)" - "urban[_-]?secret(=| =|:| :)" - "urban[_-]?master[_-]?secret(=| =|:| :)" - "urban[_-]?key(=| =|:| :)" - "unity[_-]?serial(=| =|:| :)" - "unity[_-]?password(=| =|:| :)" - "twitteroauthaccesstoken(=| =|:| :)" - "twitteroauthaccesssecret(=| =|:| :)" - "twitter[_-]?consumer[_-]?secret(=| =|:| :)" - "twitter[_-]?consumer[_-]?key(=| =|:| :)" - "twine[_-]?password(=| =|:| :)" - "twilio[_-]?token(=| =|:| :)" - "twilio[_-]?sid(=| =|:| :)" - "twilio[_-]?configuration[_-]?sid(=| =|:| :)" - "twilio[_-]?chat[_-]?account[_-]?api[_-]?service(=| =|:| :)" - "twilio[_-]?api[_-]?secret(=| =|:| :)" - "twilio[_-]?api[_-]?key(=| =|:| :)" - "trex[_-]?okta[_-]?client[_-]?token(=| =|:| :)" - "trex[_-]?client[_-]?token(=| =|:| :)" - "travis[_-]?token(=| =|:| :)" - "travis[_-]?secure[_-]?env[_-]?vars(=| =|:| :)" - "travis[_-]?pull[_-]?request(=| =|:| :)" - "travis[_-]?gh[_-]?token(=| =|:| :)" - "travis[_-]?e2e[_-]?token(=| =|:| :)" - "travis[_-]?com[_-]?token(=| =|:| :)" - "travis[_-]?branch(=| =|:| :)" - "travis[_-]?api[_-]?token(=| =|:| :)" - "travis[_-]?access[_-]?token(=| =|:| :)" - "token[_-]?core[_-]?java(=| =|:| :)" - "thera[_-]?oss[_-]?access[_-]?key(=| =|:| :)" - "tester[_-]?keys[_-]?password(=| =|:| :)" - "test[_-]?test(=| =|:| :)" - "test[_-]?github[_-]?token(=| =|:| :)" - "tesco[_-]?api[_-]?key(=| =|:| :)" - "svn[_-]?pass(=| =|:| :)" - "surge[_-]?token(=| =|:| :)" - "surge[_-]?login(=| =|:| :)" - "stripe[_-]?public(=| =|:| :)" - "stripe[_-]?private(=| =|:| :)" - "strip[_-]?secret[_-]?key(=| =|:| :)" - "strip[_-]?publishable[_-]?key(=| =|:| :)" - "stormpath[_-]?api[_-]?key[_-]?secret(=| =|:| :)" - "stormpath[_-]?api[_-]?key[_-]?id(=| =|:| :)" - "starship[_-]?auth[_-]?token(=| =|:| :)" - "starship[_-]?account[_-]?sid(=| =|:| :)" - "star[_-]?test[_-]?secret[_-]?access[_-]?key(=| =|:| :)" - "star[_-]?test[_-]?location(=| =|:| :)" - "star[_-]?test[_-]?bucket(=| =|:| :)" - "star[_-]?test[_-]?aws[_-]?access[_-]?key[_-]?id(=| =|:| :)" - "staging[_-]?base[_-]?url[_-]?runscope(=| =|:| :)" - "ssmtp[_-]?config(=| =|:| :)" - "sshpass(=| =|:| :)" - "srcclr[_-]?api[_-]?token(=| =|:| :)" - "square[_-]?reader[_-]?sdk[_-]?repository[_-]?password(=| =|:| :)" - "sqssecretkey(=| =|:| :)" - "sqsaccesskey(=| =|:| :)" - "spring[_-]?mail[_-]?password(=| =|:| :)" - "spotify[_-]?api[_-]?client[_-]?secret(=| =|:| :)" - "spotify[_-]?api[_-]?access[_-]?token(=| =|:| :)" - "spaces[_-]?secret[_-]?access[_-]?key(=| =|:| :)" - "spaces[_-]?access[_-]?key[_-]?id(=| =|:| :)" - "soundcloud[_-]?password(=| =|:| :)" - "soundcloud[_-]?client[_-]?secret(=| =|:| :)" - "sonatypepassword(=| =|:| :)" - "sonatype[_-]?token[_-]?user(=| =|:| :)" - "sonatype[_-]?token[_-]?password(=| =|:| :)" - "sonatype[_-]?password(=| =|:| :)" - "sonatype[_-]?pass(=| =|:| :)" - "sonatype[_-]?nexus[_-]?password(=| =|:| :)" - "sonatype[_-]?gpg[_-]?passphrase(=| =|:| :)" - "sonatype[_-]?gpg[_-]?key[_-]?name(=| =|:| :)" - "sonar[_-]?token(=| =|:| :)" - "sonar[_-]?project[_-]?key(=| =|:| :)" - "sonar[_-]?organization[_-]?key(=| =|:| :)" - "socrata[_-]?password(=| =|:| :)" - "socrata[_-]?app[_-]?token(=| =|:| :)" - "snyk[_-]?token(=| =|:| :)" - "snyk[_-]?api[_-]?token(=| =|:| :)" - "snoowrap[_-]?refresh[_-]?token(=| =|:| :)" - "snoowrap[_-]?password(=| =|:| :)" - "snoowrap[_-]?client[_-]?secret(=| =|:| :)" - "slate[_-]?user[_-]?email(=| =|:| :)" - "slash[_-]?developer[_-]?space[_-]?key(=| =|:| :)" - "slash[_-]?developer[_-]?space(=| =|:| :)" - "signing[_-]?key[_-]?sid(=| =|:| :)" - "signing[_-]?key[_-]?secret(=| =|:| :)" - "signing[_-]?key[_-]?password(=| =|:| :)" - "signing[_-]?key(=| =|:| :)" - "setsecretkey(=| =|:| :)" - "setdstsecretkey(=| =|:| :)" - "setdstaccesskey(=| =|:| :)" - "ses[_-]?secret[_-]?key(=| =|:| :)" - "ses[_-]?access[_-]?key(=| =|:| :)" - "service[_-]?account[_-]?secret(=| =|:| :)" - "sentry[_-]?key(=| =|:| :)" - "sentry[_-]?endpoint(=| =|:| :)" - "sentry[_-]?default[_-]?org(=| =|:| :)" - "sentry[_-]?auth[_-]?token(=| =|:| :)" - "sendwithus[_-]?key(=| =|:| :)" - "sendgrid[_-]?username(=| =|:| :)" - "sendgrid[_-]?user(=| =|:| :)" - "sendgrid[_-]?password(=| =|:| :)" - "sendgrid[_-]?key(=| =|:| :)" - "sendgrid[_-]?api[_-]?key(=| =|:| :)" - "sendgrid(=| =|:| :)" - "selion[_-]?selenium[_-]?host(=| =|:| :)" - "selion[_-]?log[_-]?level[_-]?dev(=| =|:| :)" - "segment[_-]?api[_-]?key(=| =|:| :)" - "secretkey(=| =|:| :)" - "secretaccesskey(=| =|:| :)" - "secret[_-]?key[_-]?base(=| =|:| :)" - "secret[_-]?9(=| =|:| :)" - "secret[_-]?8(=| =|:| :)" - "secret[_-]?7(=| =|:| :)" - "secret[_-]?6(=| =|:| :)" - "secret[_-]?5(=| =|:| :)" - "secret[_-]?4(=| =|:| :)" - "secret[_-]?3(=| =|:| :)" - "secret[_-]?2(=| =|:| :)" - "secret[_-]?11(=| =|:| :)" - "secret[_-]?10(=| =|:| :)" - "secret[_-]?1(=| =|:| :)" - "secret[_-]?0(=| =|:| :)" - "sdr[_-]?token(=| =|:| :)" - "scrutinizer[_-]?token(=| =|:| :)" - "sauce[_-]?access[_-]?key(=| =|:| :)" - "sandbox[_-]?aws[_-]?secret[_-]?access[_-]?key(=| =|:| :)" - "sandbox[_-]?aws[_-]?access[_-]?key[_-]?id(=| =|:| :)" - "sandbox[_-]?access[_-]?token(=| =|:| :)" - "salesforce[_-]?bulk[_-]?test[_-]?security[_-]?token(=| =|:| :)" - "salesforce[_-]?bulk[_-]?test[_-]?password(=| =|:| :)" - "sacloud[_-]?api(=| =|:| :)" - "sacloud[_-]?access[_-]?token[_-]?secret(=| =|:| :)" - "sacloud[_-]?access[_-]?token(=| =|:| :)" - "s3[_-]?user[_-]?secret(=| =|:| :)" - "s3[_-]?secret[_-]?key(=| =|:| :)" - "s3[_-]?secret[_-]?assets(=| =|:| :)" - "s3[_-]?secret[_-]?app[_-]?logs(=| =|:| :)" - "s3[_-]?key[_-]?assets(=| =|:| :)" - "s3[_-]?key[_-]?app[_-]?logs(=| =|:| :)" - "s3[_-]?key(=| =|:| :)" - "s3[_-]?external[_-]?3[_-]?amazonaws[_-]?com(=| =|:| :)" - "s3[_-]?bucket[_-]?name[_-]?assets(=| =|:| :)" - "s3[_-]?bucket[_-]?name[_-]?app[_-]?logs(=| =|:| :)" - "s3[_-]?access[_-]?key[_-]?id(=| =|:| :)" - "s3[_-]?access[_-]?key(=| =|:| :)" - "rubygems[_-]?auth[_-]?token(=| =|:| :)" - "rtd[_-]?store[_-]?pass(=| =|:| :)" - "rtd[_-]?key[_-]?pass(=| =|:| :)" - "route53[_-]?access[_-]?key[_-]?id(=| =|:| :)" - "ropsten[_-]?private[_-]?key(=| =|:| :)" - "rinkeby[_-]?private[_-]?key(=| =|:| :)" - "rest[_-]?api[_-]?key(=| =|:| :)" - "repotoken(=| =|:| :)" - "reporting[_-]?webdav[_-]?url(=| =|:| :)" - "reporting[_-]?webdav[_-]?pwd(=| =|:| :)" - "release[_-]?token(=| =|:| :)" - "release[_-]?gh[_-]?token(=| =|:| :)" - "registry[_-]?secure(=| =|:| :)" - "registry[_-]?pass(=| =|:| :)" - "refresh[_-]?token(=| =|:| :)" - "rediscloud[_-]?url(=| =|:| :)" - "redis[_-]?stunnel[_-]?urls(=| =|:| :)" - "randrmusicapiaccesstoken(=| =|:| :)" - "rabbitmq[_-]?password(=| =|:| :)" - "quip[_-]?token(=| =|:| :)" - "qiita[_-]?token(=| =|:| :)" - "pypi[_-]?passowrd(=| =|:| :)" - "pushover[_-]?token(=| =|:| :)" - "publish[_-]?secret(=| =|:| :)" - "publish[_-]?key(=| =|:| :)" - "publish[_-]?access(=| =|:| :)" - "project[_-]?config(=| =|:| :)" - "prod[_-]?secret[_-]?key(=| =|:| :)" - "prod[_-]?password(=| =|:| :)" - "prod[_-]?access[_-]?key[_-]?id(=| =|:| :)" - "private[_-]?signing[_-]?password(=| =|:| :)" - "pring[_-]?mail[_-]?username(=| =|:| :)" - "preferred[_-]?username(=| =|:| :)" - "prebuild[_-]?auth(=| =|:| :)" - "postgresql[_-]?pass(=| =|:| :)" - "postgresql[_-]?db(=| =|:| :)" - "postgres[_-]?env[_-]?postgres[_-]?password(=| =|:| :)" - "postgres[_-]?env[_-]?postgres[_-]?db(=| =|:| :)" - "plugin[_-]?password(=| =|:| :)" - "plotly[_-]?apikey(=| =|:| :)" - "places[_-]?apikey(=| =|:| :)" - "places[_-]?api[_-]?key(=| =|:| :)" - "pg[_-]?host(=| =|:| :)" - "pg[_-]?database(=| =|:| :)" - "personal[_-]?secret(=| =|:| :)" - "personal[_-]?key(=| =|:| :)" - "percy[_-]?token(=| =|:| :)" - "percy[_-]?project(=| =|:| :)" - "paypal[_-]?client[_-]?secret(=| =|:| :)" - "passwordtravis(=| =|:| :)" - "parse[_-]?js[_-]?key(=| =|:| :)" - "pagerduty[_-]?apikey(=| =|:| :)" - "packagecloud[_-]?token(=| =|:| :)" - "ossrh[_-]?username(=| =|:| :)" - "ossrh[_-]?secret(=| =|:| :)" - "ossrh[_-]?password(=| =|:| :)" - "ossrh[_-]?pass(=| =|:| :)" - "ossrh[_-]?jira[_-]?password(=| =|:| :)" - "os[_-]?password(=| =|:| :)" - "os[_-]?auth[_-]?url(=| =|:| :)" - "org[_-]?project[_-]?gradle[_-]?sonatype[_-]?nexus[_-]?password(=| =|:| :)" - "org[_-]?gradle[_-]?project[_-]?sonatype[_-]?nexus[_-]?password(=| =|:| :)" - "openwhisk[_-]?key(=| =|:| :)" - "open[_-]?whisk[_-]?key(=| =|:| :)" - "onesignal[_-]?user[_-]?auth[_-]?key(=| =|:| :)" - "onesignal[_-]?api[_-]?key(=| =|:| :)" - "omise[_-]?skey(=| =|:| :)" - "omise[_-]?pubkey(=| =|:| :)" - "omise[_-]?pkey(=| =|:| :)" - "omise[_-]?key(=| =|:| :)" - "okta[_-]?oauth2[_-]?clientsecret(=| =|:| :)" - "okta[_-]?oauth2[_-]?client[_-]?secret(=| =|:| :)" - "okta[_-]?client[_-]?token(=| =|:| :)" - "ofta[_-]?secret(=| =|:| :)" - "ofta[_-]?region(=| =|:| :)" - "ofta[_-]?key(=| =|:| :)" - "octest[_-]?password(=| =|:| :)" - "octest[_-]?app[_-]?username(=| =|:| :)" - "octest[_-]?app[_-]?password(=| =|:| :)" - "oc[_-]?pass(=| =|:| :)" - "object[_-]?store[_-]?creds(=| =|:| :)" - "object[_-]?store[_-]?bucket(=| =|:| :)" - "object[_-]?storage[_-]?region[_-]?name(=| =|:| :)" - "object[_-]?storage[_-]?password(=| =|:| :)" - "oauth[_-]?token(=| =|:| :)" - "numbers[_-]?service[_-]?pass(=| =|:| :)" - "nuget[_-]?key(=| =|:| :)" - "nuget[_-]?apikey(=| =|:| :)" - "nuget[_-]?api[_-]?key(=| =|:| :)" - "npm[_-]?token(=| =|:| :)" - "npm[_-]?secret[_-]?key(=| =|:| :)" - "npm[_-]?password(=| =|:| :)" - "npm[_-]?email(=| =|:| :)" - "npm[_-]?auth[_-]?token(=| =|:| :)" - "npm[_-]?api[_-]?token(=| =|:| :)" - "npm[_-]?api[_-]?key(=| =|:| :)" - "now[_-]?token(=| =|:| :)" - "non[_-]?token(=| =|:| :)" - "node[_-]?pre[_-]?gyp[_-]?secretaccesskey(=| =|:| :)" - "node[_-]?pre[_-]?gyp[_-]?github[_-]?token(=| =|:| :)" - "node[_-]?pre[_-]?gyp[_-]?accesskeyid(=| =|:| :)" - "node[_-]?env(=| =|:| :)" - "ngrok[_-]?token(=| =|:| :)" - "ngrok[_-]?auth[_-]?token(=| =|:| :)" - "nexuspassword(=| =|:| :)" - "nexus[_-]?password(=| =|:| :)" - "new[_-]?relic[_-]?beta[_-]?token(=| =|:| :)" - "netlify[_-]?api[_-]?key(=| =|:| :)" - "nativeevents(=| =|:| :)" - "mysqlsecret(=| =|:| :)" - "mysqlmasteruser(=| =|:| :)" - "mysql[_-]?username(=| =|:| :)" - "mysql[_-]?user(=| =|:| :)" - "mysql[_-]?root[_-]?password(=| =|:| :)" - "mysql[_-]?password(=| =|:| :)" - "mysql[_-]?hostname(=| =|:| :)" - "mysql[_-]?database(=| =|:| :)" - "my[_-]?secret[_-]?env(=| =|:| :)" - "multi[_-]?workspace[_-]?sid(=| =|:| :)" - "multi[_-]?workflow[_-]?sid(=| =|:| :)" - "multi[_-]?disconnect[_-]?sid(=| =|:| :)" - "multi[_-]?connect[_-]?sid(=| =|:| :)" - "multi[_-]?bob[_-]?sid(=| =|:| :)" - "minio[_-]?secret[_-]?key(=| =|:| :)" - "minio[_-]?access[_-]?key(=| =|:| :)" - "mile[_-]?zero[_-]?key(=| =|:| :)" - "mh[_-]?password(=| =|:| :)" - "mh[_-]?apikey(=| =|:| :)" - "mg[_-]?public[_-]?api[_-]?key(=| =|:| :)" - "mg[_-]?api[_-]?key(=| =|:| :)" - "mapboxaccesstoken(=| =|:| :)" - "mapbox[_-]?aws[_-]?secret[_-]?access[_-]?key(=| =|:| :)" - "mapbox[_-]?aws[_-]?access[_-]?key[_-]?id(=| =|:| :)" - "mapbox[_-]?api[_-]?token(=| =|:| :)" - "mapbox[_-]?access[_-]?token(=| =|:| :)" - "manifest[_-]?app[_-]?url(=| =|:| :)" - "manifest[_-]?app[_-]?token(=| =|:| :)" - "mandrill[_-]?api[_-]?key(=| =|:| :)" - "managementapiaccesstoken(=| =|:| :)" - "management[_-]?token(=| =|:| :)" - "manage[_-]?secret(=| =|:| :)" - "manage[_-]?key(=| =|:| :)" - "mailgun[_-]?secret[_-]?api[_-]?key(=| =|:| :)" - "mailgun[_-]?pub[_-]?key(=| =|:| :)" - "mailgun[_-]?pub[_-]?apikey(=| =|:| :)" - "mailgun[_-]?priv[_-]?key(=| =|:| :)" - "mailgun[_-]?password(=| =|:| :)" - "mailgun[_-]?apikey(=| =|:| :)" - "mailgun[_-]?api[_-]?key(=| =|:| :)" - "mailer[_-]?password(=| =|:| :)" - "mailchimp[_-]?key(=| =|:| :)" - "mailchimp[_-]?api[_-]?key(=| =|:| :)" - "mail[_-]?password(=| =|:| :)" - "magento[_-]?password(=| =|:| :)" - "magento[_-]?auth[_-]?username (=| =|:| :)" - "magento[_-]?auth[_-]?password(=| =|:| :)" - "lottie[_-]?upload[_-]?cert[_-]?key[_-]?store[_-]?password(=| =|:| :)" - "lottie[_-]?upload[_-]?cert[_-]?key[_-]?password(=| =|:| :)" - "lottie[_-]?s3[_-]?secret[_-]?key(=| =|:| :)" - "lottie[_-]?happo[_-]?secret[_-]?key(=| =|:| :)" - "lottie[_-]?happo[_-]?api[_-]?key(=| =|:| :)" - "looker[_-]?test[_-]?runner[_-]?client[_-]?secret(=| =|:| :)" - "ll[_-]?shared[_-]?key(=| =|:| :)" - "ll[_-]?publish[_-]?url(=| =|:| :)" - "linux[_-]?signing[_-]?key(=| =|:| :)" - "linkedin[_-]?client[_-]?secretor lottie[_-]?s3[_-]?api[_-]?key(=| =|:| :)" - "lighthouse[_-]?api[_-]?key(=| =|:| :)" - "lektor[_-]?deploy[_-]?username(=| =|:| :)" - "lektor[_-]?deploy[_-]?password(=| =|:| :)" - "leanplum[_-]?key(=| =|:| :)" - "kxoltsn3vogdop92m(=| =|:| :)" - "kubeconfig(=| =|:| :)" - "kubecfg[_-]?s3[_-]?path(=| =|:| :)" - "kovan[_-]?private[_-]?key(=| =|:| :)" - "keystore[_-]?pass(=| =|:| :)" - "kafka[_-]?rest[_-]?url(=| =|:| :)" - "kafka[_-]?instance[_-]?name(=| =|:| :)" - "kafka[_-]?admin[_-]?url(=| =|:| :)" - "jwt[_-]?secret(=| =|:| :)" - "jdbc:mysql(=| =|:| :)" - "jdbc[_-]?host(=| =|:| :)" - "jdbc[_-]?databaseurl(=| =|:| :)" - "itest[_-]?gh[_-]?token(=| =|:| :)" - "ios[_-]?docs[_-]?deploy[_-]?token(=| =|:| :)" - "internal[_-]?secrets(=| =|:| :)" - "integration[_-]?test[_-]?appid(=| =|:| :)" - "integration[_-]?test[_-]?api[_-]?key(=| =|:| :)" - "index[_-]?name(=| =|:| :)" - "ij[_-]?repo[_-]?username(=| =|:| :)" - "ij[_-]?repo[_-]?password(=| =|:| :)" - "hub[_-]?dxia2[_-]?password(=| =|:| :)" - "homebrew[_-]?github[_-]?api[_-]?token(=| =|:| :)" - "hockeyapp[_-]?token(=| =|:| :)" - "heroku[_-]?token(=| =|:| :)" - "heroku[_-]?email(=| =|:| :)" - "heroku[_-]?api[_-]?key(=| =|:| :)" - "hb[_-]?codesign[_-]?key[_-]?pass(=| =|:| :)" - "hb[_-]?codesign[_-]?gpg[_-]?pass(=| =|:| :)" - "hab[_-]?key(=| =|:| :)" - "hab[_-]?auth[_-]?token(=| =|:| :)" - "grgit[_-]?user(=| =|:| :)" - "gren[_-]?github[_-]?token(=| =|:| :)" - "gradle[_-]?signing[_-]?password(=| =|:| :)" - "gradle[_-]?signing[_-]?key[_-]?id(=| =|:| :)" - "gradle[_-]?publish[_-]?secret(=| =|:| :)" - "gradle[_-]?publish[_-]?key(=| =|:| :)" - "gpg[_-]?secret[_-]?keys(=| =|:| :)" - "gpg[_-]?private[_-]?key(=| =|:| :)" - "gpg[_-]?passphrase(=| =|:| :)" - "gpg[_-]?ownertrust(=| =|:| :)" - "gpg[_-]?keyname(=| =|:| :)" - "gpg[_-]?key[_-]?name(=| =|:| :)" - "google[_-]?private[_-]?key(=| =|:| :)" - "google[_-]?maps[_-]?api[_-]?key(=| =|:| :)" - "google[_-]?client[_-]?secret(=| =|:| :)" - "google[_-]?client[_-]?id(=| =|:| :)" - "google[_-]?client[_-]?email(=| =|:| :)" - "google[_-]?account[_-]?type(=| =|:| :)" - "gogs[_-]?password(=| =|:| :)" - "gitlab[_-]?user[_-]?email(=| =|:| :)" - "github[_-]?tokens(=| =|:| :)" - "github[_-]?token(=| =|:| :)" - "github[_-]?repo(=| =|:| :)" - "github[_-]?release[_-]?token(=| =|:| :)" - "github[_-]?pwd(=| =|:| :)" - "github[_-]?password(=| =|:| :)" - "github[_-]?oauth[_-]?token(=| =|:| :)" - "github[_-]?oauth(=| =|:| :)" - "github[_-]?key(=| =|:| :)" - "github[_-]?hunter[_-]?username(=| =|:| :)" - "github[_-]?hunter[_-]?token(=| =|:| :)" - "github[_-]?deployment[_-]?token(=| =|:| :)" - "github[_-]?deploy[_-]?hb[_-]?doc[_-]?pass(=| =|:| :)" - "github[_-]?client[_-]?secret(=| =|:| :)" - "github[_-]?auth[_-]?token(=| =|:| :)" - "github[_-]?auth(=| =|:| :)" - "github[_-]?api[_-]?token(=| =|:| :)" - "github[_-]?api[_-]?key(=| =|:| :)" - "github[_-]?access[_-]?token(=| =|:| :)" - "git[_-]?token(=| =|:| :)" - "git[_-]?name(=| =|:| :)" - "git[_-]?email(=| =|:| :)" - "git[_-]?committer[_-]?name(=| =|:| :)" - "git[_-]?committer[_-]?email(=| =|:| :)" - "git[_-]?author[_-]?name(=| =|:| :)" - "git[_-]?author[_-]?email(=| =|:| :)" - "ghost[_-]?api[_-]?key(=| =|:| :)" - "ghb[_-]?token(=| =|:| :)" - "gh[_-]?unstable[_-]?oauth[_-]?client[_-]?secret(=| =|:| :)" - "gh[_-]?token(=| =|:| :)" - "gh[_-]?repo[_-]?token(=| =|:| :)" - "gh[_-]?oauth[_-]?token(=| =|:| :)" - "gh[_-]?oauth[_-]?client[_-]?secret(=| =|:| :)" - "gh[_-]?next[_-]?unstable[_-]?oauth[_-]?client[_-]?secret(=| =|:| :)" - "gh[_-]?next[_-]?unstable[_-]?oauth[_-]?client[_-]?id(=| =|:| :)" - "gh[_-]?next[_-]?oauth[_-]?client[_-]?secret(=| =|:| :)" - "gh[_-]?email(=| =|:| :)" - "gh[_-]?api[_-]?key(=| =|:| :)" - "gcs[_-]?bucket(=| =|:| :)" - "gcr[_-]?password(=| =|:| :)" - "gcloud[_-]?service[_-]?key(=| =|:| :)" - "gcloud[_-]?project(=| =|:| :)" - "gcloud[_-]?bucket(=| =|:| :)" - "ftp[_-]?username(=| =|:| :)" - "ftp[_-]?user(=| =|:| :)" - "ftp[_-]?pw(=| =|:| :)" - "ftp[_-]?password(=| =|:| :)" - "ftp[_-]?login(=| =|:| :)" - "ftp[_-]?host(=| =|:| :)" - "fossa[_-]?api[_-]?key(=| =|:| :)" - "flickr[_-]?api[_-]?secret(=| =|:| :)" - "flickr[_-]?api[_-]?key(=| =|:| :)" - "flask[_-]?secret[_-]?key(=| =|:| :)" - "firefox[_-]?secret(=| =|:| :)" - "firebase[_-]?token(=| =|:| :)" - "firebase[_-]?project[_-]?develop(=| =|:| :)" - "firebase[_-]?key(=| =|:| :)" - "firebase[_-]?api[_-]?token(=| =|:| :)" - "firebase[_-]?api[_-]?json(=| =|:| :)" - "file[_-]?password(=| =|:| :)" - "exp[_-]?password(=| =|:| :)" - "eureka[_-]?awssecretkey(=| =|:| :)" - "env[_-]?sonatype[_-]?password(=| =|:| :)" - "env[_-]?secret[_-]?access[_-]?key(=| =|:| :)" - "env[_-]?secret(=| =|:| :)" - "env[_-]?key(=| =|:| :)" - "env[_-]?heroku[_-]?api[_-]?key(=| =|:| :)" - "env[_-]?github[_-]?oauth[_-]?token(=| =|:| :)" - "end[_-]?user[_-]?password(=| =|:| :)" - "encryption[_-]?password(=| =|:| :)" - "elasticsearch[_-]?password(=| =|:| :)" - "elastic[_-]?cloud[_-]?auth(=| =|:| :)" - "dsonar[_-]?projectkey(=| =|:| :)" - "dsonar[_-]?login(=| =|:| :)" - "droplet[_-]?travis[_-]?password(=| =|:| :)" - "dropbox[_-]?oauth[_-]?bearer(=| =|:| :)" - "doordash[_-]?auth[_-]?token(=| =|:| :)" - "dockerhubpassword(=| =|:| :)" - "dockerhub[_-]?password(=| =|:| :)" - "docker[_-]?token(=| =|:| :)" - "docker[_-]?postgres[_-]?url(=| =|:| :)" - "docker[_-]?password(=| =|:| :)" - "docker[_-]?passwd(=| =|:| :)" - "docker[_-]?pass(=| =|:| :)" - "docker[_-]?key(=| =|:| :)" - "docker[_-]?hub[_-]?password(=| =|:| :)" - "digitalocean[_-]?ssh[_-]?key[_-]?ids(=| =|:| :)" - "digitalocean[_-]?ssh[_-]?key[_-]?body(=| =|:| :)" - "digitalocean[_-]?access[_-]?token(=| =|:| :)" - "dgpg[_-]?passphrase(=| =|:| :)" - "deploy[_-]?user(=| =|:| :)" - "deploy[_-]?token(=| =|:| :)" - "deploy[_-]?secure(=| =|:| :)" - "deploy[_-]?password(=| =|:| :)" - "ddgc[_-]?github[_-]?token(=| =|:| :)" - "ddg[_-]?test[_-]?email[_-]?pw(=| =|:| :)" - "ddg[_-]?test[_-]?email(=| =|:| :)" - "db[_-]?username(=| =|:| :)" - "db[_-]?user(=| =|:| :)" - "db[_-]?pw(=| =|:| :)" - "db[_-]?password(=| =|:| :)" - "db[_-]?host(=| =|:| :)" - "db[_-]?database(=| =|:| :)" - "db[_-]?connection(=| =|:| :)" - "datadog[_-]?app[_-]?key(=| =|:| :)" - "datadog[_-]?api[_-]?key(=| =|:| :)" - "database[_-]?username(=| =|:| :)" - "database[_-]?user(=| =|:| :)" - "database[_-]?port(=| =|:| :)" - "database[_-]?password(=| =|:| :)" - "database[_-]?name(=| =|:| :)" - "database[_-]?host(=| =|:| :)" - "danger[_-]?github[_-]?api[_-]?token(=| =|:| :)" - "cypress[_-]?record[_-]?key(=| =|:| :)" - "coverity[_-]?scan[_-]?token(=| =|:| :)" - "coveralls[_-]?token(=| =|:| :)" - "coveralls[_-]?repo[_-]?token(=| =|:| :)" - "coveralls[_-]?api[_-]?token(=| =|:| :)" - "cos[_-]?secrets(=| =|:| :)" - "conversation[_-]?username(=| =|:| :)" - "conversation[_-]?password(=| =|:| :)" - "contentful[_-]?v2[_-]?access[_-]?token(=| =|:| :)" - "contentful[_-]?test[_-]?org[_-]?cma[_-]?token(=| =|:| :)" - "contentful[_-]?php[_-]?management[_-]?test[_-]?token(=| =|:| :)" - "contentful[_-]?management[_-]?api[_-]?access[_-]?token[_-]?new(=| =|:| :)" - "contentful[_-]?management[_-]?api[_-]?access[_-]?token(=| =|:| :)" - "contentful[_-]?integration[_-]?management[_-]?token(=| =|:| :)" - "contentful[_-]?cma[_-]?test[_-]?token(=| =|:| :)" - "contentful[_-]?access[_-]?token(=| =|:| :)" - "consumerkey(=| =|:| :)" - "consumer[_-]?key(=| =|:| :)" - "conekta[_-]?apikey(=| =|:| :)" - "coding[_-]?token(=| =|:| :)" - "codecov[_-]?token(=| =|:| :)" - "codeclimate[_-]?repo[_-]?token(=| =|:| :)" - "codacy[_-]?project[_-]?token(=| =|:| :)" - "cocoapods[_-]?trunk[_-]?token(=| =|:| :)" - "cocoapods[_-]?trunk[_-]?email(=| =|:| :)" - "cn[_-]?secret[_-]?access[_-]?key(=| =|:| :)" - "cn[_-]?access[_-]?key[_-]?id(=| =|:| :)" - "clu[_-]?ssh[_-]?private[_-]?key[_-]?base64(=| =|:| :)" - "clu[_-]?repo[_-]?url(=| =|:| :)" - "cloudinary[_-]?url[_-]?staging(=| =|:| :)" - "cloudinary[_-]?url(=| =|:| :)" - "cloudflare[_-]?email(=| =|:| :)" - "cloudflare[_-]?auth[_-]?key(=| =|:| :)" - "cloudflare[_-]?auth[_-]?email(=| =|:| :)" - "cloudflare[_-]?api[_-]?key(=| =|:| :)" - "cloudant[_-]?service[_-]?database(=| =|:| :)" - "cloudant[_-]?processed[_-]?database(=| =|:| :)" - "cloudant[_-]?password(=| =|:| :)" - "cloudant[_-]?parsed[_-]?database(=| =|:| :)" - "cloudant[_-]?order[_-]?database(=| =|:| :)" - "cloudant[_-]?instance(=| =|:| :)" - "cloudant[_-]?database(=| =|:| :)" - "cloudant[_-]?audited[_-]?database(=| =|:| :)" - "cloudant[_-]?archived[_-]?database(=| =|:| :)" - "cloud[_-]?api[_-]?key(=| =|:| :)" - "clojars[_-]?password(=| =|:| :)" - "client[_-]?secret(=| =|:| :)" - "cli[_-]?e2e[_-]?cma[_-]?token(=| =|:| :)" - "claimr[_-]?token(=| =|:| :)" - "claimr[_-]?superuser(=| =|:| :)" - "claimr[_-]?db(=| =|:| :)" - "claimr[_-]?database(=| =|:| :)" - "ci[_-]?user[_-]?token(=| =|:| :)" - "ci[_-]?server[_-]?name(=| =|:| :)" - "ci[_-]?registry[_-]?user(=| =|:| :)" - "ci[_-]?project[_-]?url(=| =|:| :)" - "ci[_-]?deploy[_-]?password(=| =|:| :)" - "chrome[_-]?refresh[_-]?token(=| =|:| :)" - "chrome[_-]?client[_-]?secret(=| =|:| :)" - "cheverny[_-]?token(=| =|:| :)" - "cf[_-]?password(=| =|:| :)" - "certificate[_-]?password(=| =|:| :)" - "censys[_-]?secret(=| =|:| :)" - "cattle[_-]?secret[_-]?key(=| =|:| :)" - "cattle[_-]?agent[_-]?instance[_-]?auth(=| =|:| :)" - "cattle[_-]?access[_-]?key(=| =|:| :)" - "cargo[_-]?token(=| =|:| :)" - "cache[_-]?s3[_-]?secret[_-]?key(=| =|:| :)" - "bx[_-]?username(=| =|:| :)" - "bx[_-]?password(=| =|:| :)" - "bundlesize[_-]?github[_-]?token(=| =|:| :)" - "built[_-]?branch[_-]?deploy[_-]?key(=| =|:| :)" - "bucketeer[_-]?aws[_-]?secret[_-]?access[_-]?key(=| =|:| :)" - "bucketeer[_-]?aws[_-]?access[_-]?key[_-]?id(=| =|:| :)" - "browserstack[_-]?access[_-]?key(=| =|:| :)" - "browser[_-]?stack[_-]?access[_-]?key(=| =|:| :)" - "brackets[_-]?repo[_-]?oauth[_-]?token(=| =|:| :)" - "bluemix[_-]?username(=| =|:| :)" - "bluemix[_-]?pwd(=| =|:| :)" - "bluemix[_-]?password(=| =|:| :)" - "bluemix[_-]?pass[_-]?prod(=| =|:| :)" - "bluemix[_-]?pass(=| =|:| :)" - "bluemix[_-]?auth(=| =|:| :)" - "bluemix[_-]?api[_-]?key(=| =|:| :)" - "bintraykey(=| =|:| :)" - "bintray[_-]?token(=| =|:| :)" - "bintray[_-]?key(=| =|:| :)" - "bintray[_-]?gpg[_-]?password(=| =|:| :)" - "bintray[_-]?apikey(=| =|:| :)" - "bintray[_-]?api[_-]?key(=| =|:| :)" - "b2[_-]?bucket(=| =|:| :)" - "b2[_-]?app[_-]?key(=| =|:| :)" - "awssecretkey(=| =|:| :)" - "awscn[_-]?secret[_-]?access[_-]?key(=| =|:| :)" - "awscn[_-]?access[_-]?key[_-]?id(=| =|:| :)" - "awsaccesskeyid(=| =|:| :)" - "aws[_-]?ses[_-]?secret[_-]?access[_-]?key(=| =|:| :)" - "aws[_-]?ses[_-]?access[_-]?key[_-]?id(=| =|:| :)" - "aws[_-]?secrets(=| =|:| :)" - "aws[_-]?secret[_-]?key(=| =|:| :)" - "aws[_-]?secret[_-]?access[_-]?key(=| =|:| :)" - "aws[_-]?secret(=| =|:| :)" - "aws[_-]?key(=| =|:| :)" - "aws[_-]?config[_-]?secretaccesskey(=| =|:| :)" - "aws[_-]?config[_-]?accesskeyid(=| =|:| :)" - "aws[_-]?access[_-]?key[_-]?id(=| =|:| :)" - "aws[_-]?access[_-]?key(=| =|:| :)" - "aws[_-]?access(=| =|:| :)" - "author[_-]?npm[_-]?api[_-]?key(=| =|:| :)" - "author[_-]?email[_-]?addr(=| =|:| :)" - "auth0[_-]?client[_-]?secret(=| =|:| :)" - "auth0[_-]?api[_-]?clientsecret(=| =|:| :)" - "auth[_-]?token(=| =|:| :)" - "assistant[_-]?iam[_-]?apikey(=| =|:| :)" - "artifacts[_-]?secret(=| =|:| :)" - "artifacts[_-]?key(=| =|:| :)" - "artifacts[_-]?bucket(=| =|:| :)" - "artifacts[_-]?aws[_-]?secret[_-]?access[_-]?key(=| =|:| :)" - "artifacts[_-]?aws[_-]?access[_-]?key[_-]?id(=| =|:| :)" - "artifactory[_-]?key(=| =|:| :)" - "argos[_-]?token(=| =|:| :)" - "apple[_-]?id[_-]?password(=| =|:| :)" - "appclientsecret(=| =|:| :)" - "app[_-]?token(=| =|:| :)" - "app[_-]?secrete(=| =|:| :)" - "app[_-]?report[_-]?token[_-]?key(=| =|:| :)" - "app[_-]?bucket[_-]?perm(=| =|:| :)" - "apigw[_-]?access[_-]?token(=| =|:| :)" - "apiary[_-]?api[_-]?key(=| =|:| :)" - "api[_-]?secret(=| =|:| :)" - "api[_-]?key[_-]?sid(=| =|:| :)" - "api[_-]?key[_-]?secret(=| =|:| :)" - "api[_-]?key(=| =|:| :)" - "aos[_-]?sec(=| =|:| :)" - "aos[_-]?key(=| =|:| :)" - "ansible[_-]?vault[_-]?password(=| =|:| :)" - "android[_-]?docs[_-]?deploy[_-]?token(=| =|:| :)" - "anaconda[_-]?token(=| =|:| :)" - "amazon[_-]?secret[_-]?access[_-]?key(=| =|:| :)" - "amazon[_-]?bucket[_-]?name(=| =|:| :)" - "alicloud[_-]?secret[_-]?key(=| =|:| :)" - "alicloud[_-]?access[_-]?key(=| =|:| :)" - "alias[_-]?pass(=| =|:| :)" - "algolia[_-]?search[_-]?key[_-]?1(=| =|:| :)" - "algolia[_-]?search[_-]?key(=| =|:| :)" - "algolia[_-]?search[_-]?api[_-]?key(=| =|:| :)" - "algolia[_-]?api[_-]?key[_-]?search(=| =|:| :)" - "algolia[_-]?api[_-]?key[_-]?mcm(=| =|:| :)" - "algolia[_-]?api[_-]?key(=| =|:| :)" - "algolia[_-]?admin[_-]?key[_-]?mcm(=| =|:| :)" - "algolia[_-]?admin[_-]?key[_-]?2(=| =|:| :)" - "algolia[_-]?admin[_-]?key[_-]?1(=| =|:| :)" - "adzerk[_-]?api[_-]?key(=| =|:| :)" - "admin[_-]?email(=| =|:| :)" - "account[_-]?sid(=| =|:| :)" - "access[_-]?token(=| =|:| :)" - "access[_-]?secret(=| =|:| :)" - "access[_-]?key[_-]?secret(=| =|:| :)"