rules:
  - name: Tailscale API Key
    id: kingfisher.tailscale.1
    pattern: |
      (?xi)
      \b
      (
        tskey-[a-z]{3,10}-[A-Z0-9_-]{20,36}
      )
      \b
    pattern_requirements:
      min_digits: 2
    min_entropy: 3.0
    confidence: medium
    examples:
      - tskey-secret-weRTWSfoeFKI-3480754342kDSFelW3
      - tskey-api-weRTWSfoeFKI-3480754342kDSFelW3
    references:
      - https://tailscale.com/kb/1215/oauth-clients
    validation:
      type: Http
      content:
        request:
          method: GET
          url: https://api.tailscale.com/api/v2/tailnet/-/devices
          headers:
            Authorization: "Bearer {{ TOKEN }}"
            Accept: application/json
          response_matcher:
            - report_response: true
            - type: StatusMatch
              status: [200]
    
    revocation:
      type: HttpMultiStep
      content:
        steps:
          # Step 1: List all keys to find the current key's ID
          - name: lookup_key_id
            request:
              method: GET
              url: https://api.tailscale.com/api/v2/tailnet/-/keys
              headers:
                Authorization: "Bearer {{ TOKEN }}"
                Accept: application/json
              response_matcher:
                - type: StatusMatch
                  status: [200]
                - type: JsonValid
            extract:
              # Extract the first key ID from the list
              KEY_ID:
                type: JsonPath
                path: "$.keys[0].id"
          
          # Step 2: Delete the key using its ID
          - name: delete_key
            request:
              method: DELETE
              url: https://api.tailscale.com/api/v2/tailnet/-/keys/{{ KEY_ID }}
              headers:
                Authorization: "Bearer {{ TOKEN }}"
              response_matcher:
                - report_response: true
                - type: StatusMatch
                  status: [200]