Add detection for short sk-None- prefixed OpenAI API keys

OpenAI issues keys with sk-None- prefix in both short (56 char) and long (130+ char) formats. The existing openai.2 rule only matches long keys with {100,} minimum length. This adds openai.3 to detect the short variant: sk-None- followed by exactly 48 alphanumeric characters. Fixes detection gap where trufflehog found valid keys that kingfisher missed.
2026-01-13 13:00:55 +05:30 · 2026-01-13 13:00:55 +05:30 · 69d447dcc9
commit 69d447dcc9
parent 75dd8f66dc
1 changed files with 29 additions and 0 deletions
--- a/data/rules/openai.yml
+++ b/data/rules/openai.yml
@ -60,3 +60,32 @@ rules:
                - 200
              type: StatusMatch
          url: https://api.openai.com/v1/models
+
+  - name: OpenAI API Key (Short Prefixed)
+    id: kingfisher.openai.3
+    pattern: |
+      (?xi)
+      (
+        sk-None-[A-Z0-9]{48}
+      )
+    pattern_requirements:
+      min_digits: 2
+    min_entropy: 3.3
+    confidence: medium
+    examples:
+      - sk-None-abcdefghij1234567890ABCDEFGHIJ1234567890abcdefgh
+    references:
+      - https://help.openai.com/en/articles/9132009-how-can-i-view-the-users-or-organizations-associated-with-an-api-key
+    validation:
+      type: Http
+      content:
+        request:
+          headers:
+            Authorization: 'Bearer {{ TOKEN }}'
+          method: GET
+          response_matcher:
+            - report_response: true
+            - status:
+                - 200
+              type: StatusMatch
+          url: https://api.openai.com/v1/me