rules: - name: Hashicorp Vault Service Token (< v1.10) id: kingfisher.hashicorp.1 pattern: | (?x) (?i: hashicorp | vault | token | key | secret ) (?:.|[\n\r]){0,32}? \b ( s\.[A-Za-z0-9_-]{24,128} ) \b pattern_requirements: min_digits: 2 confidence: medium min_entropy: 3.0 examples: - 'VAULT_CLIENT_TOKEN="s.Z4bTMtngfLeQ18AqVoBBkUAOD1"' - 'vaultToken="s.CAESIP2jTxc9S3K7Z6CtcFWQv7-044m_oS.0H3nF89l3GiYKHGh3cy5sQmlIZVNyTWJNcDRsYWJpQjlhYjVlb2cQh6PL8wEYAg"`' references: - https://developer.hashicorp.com/vault/docs/concepts/tokens - name: Hashicorp Vault Batch Token (< v1.10) id: kingfisher.hashicorp.2 pattern: | (?x) (?i: hashicorp | vault | token | key | secret ) ["':=\ ]{0,5} (b\.[A-Za-z0-9_-]{24,500}) (?: [^A-Za-z0-9_-] | $ ) pattern_requirements: min_digits: 2 examples: - 'VAULT_CLIENT_TOKEN="b.Z4bTMtngfLeQ18AqVoBBkUAOD1"' confidence: medium min_entropy: 3.0 references: - https://developer.hashicorp.com/vault/docs/concepts/tokens - name: Hashicorp Vault Recovery Token (< v1.10) id: kingfisher.hashicorp.3 pattern: | (?x) (?i: hashicorp | vault | token | key | secret ) ["':=\ ]{0,5} (r\.[A-Za-z0-9_-]{24,500}) (?: [^A-Za-z0-9_-] | $ ) pattern_requirements: min_digits: 2 examples: - 'VAULT_CLIENT_TOKEN="r.Z4bTMtngfLeQ18AqVoBBkUAOD1"' confidence: medium min_entropy: 3.0 references: - https://developer.hashicorp.com/vault/docs/concepts/tokens - https://developer.hashicorp.com/vault/docs/concepts/recovery-mode - name: Hashicorp Vault Service Token (>= v1.10) id: kingfisher.hashicorp.4 pattern: | (?x) (hvs\.[A-Za-z0-9]{24,130}) (?: [^A-Za-z0-9_-] | $ ) pattern_requirements: min_digits: 2 examples: - "apikey: hvs.JGbZZaCkOSgsZ56uhGlTK2zyC1j2mwhy0VLp4" confidence: medium min_entropy: 3.0 references: - https://developer.hashicorp.com/vault/docs/concepts/tokens - name: Hashicorp Vault Batch Token (>= v1.10) id: kingfisher.hashicorp.5 pattern: | (?x) (hvb\.[A-Za-z0-9_-]{24,500}) (?: [^A-Za-z0-9_-] | $ ) pattern_requirements: min_digits: 2 examples: - "apikey: hvb.JGbZZaCkOSgsZ56uhGlTK2zyC1j2mwhy0VLp4" - "hvb.AAAAAQJgxDgqsGNorpoOR8hPZ5SU-ynBvCl764jyRP_fnX8WvkdkDzGjbLNGdPdtlY32Als2P36yDZueqzfdGw9RsaTeaYXSH5E4RYSWuRoQ9YRKIw9o7mDDY2ZcT3KOB7RwtW2w1FN2eDqcy_sbCjXPaM1iBVH-mqMSYRmRd2nb5D1SJPeBzIYRqSglLc32wUGN7xEzyrKUczqOKsIcybQA" confidence: medium min_entropy: 3.0 references: - https://developer.hashicorp.com/vault/docs/concepts/tokens - name: Hashicorp Vault Recovery Token (>= v1.10) id: kingfisher.hashicorp.6 pattern: | (?x) (hvr\.[A-Za-z0-9]{24,130}) (?: [^A-Za-z0-9_-] | $ ) pattern_requirements: min_digits: 2 examples: - "apikey: hvr.JGbZZaCkOSgsZ56uhGlTK2zyC1j2mwhy0VLp4" confidence: medium min_entropy: 3.0 references: - https://developer.hashicorp.com/vault/docs/concepts/tokens - https://developer.hashicorp.com/vault/docs/concepts/recovery-mode - name: Hashicorp Vault Unseal Key id: kingfisher.hashicorp.7 pattern: | (?x) (?i: unseal ) \b .{1,10} ([a-zA-Z0-9+/]{44}) (?: [^a-zA-Z0-9+/] | $ ) pattern_requirements: min_digits: 2 examples: - "Unseal Key 2: 0tZn+7QQCxphpHwTm7/dC3LpP5JGIbYl3PK8Sy81R+P2" - "oc -n vault exec -ti vault-0 -- vault operator unseal 98m+o2ylRhVbOi+3o5ub6PbP343ocFUVORgSYeypMDjh" confidence: medium min_entropy: 3.0 references: - https://developer.hashicorp.com/vault/docs/concepts/seal