kingfisher/crates/kingfisher-rules/data/rules/hexpm.yml

rules:
  - name: Hex.pm Organization Repository Key
    id: kingfisher.hexpm.1
    pattern: |
      (?xi)
      \b
      (?:
        mix \s+ hex\.organization \s+ (?:auth|key)
        |
        HEX_ORGANIZATION_KEY
        |
        hexpm
        |
        hex\.pm
      )
      (?:.|[\n\r]){0,64}?
      (
        [a-f0-9]{32}
      )
      \b
    pattern_requirements:
      min_digits: 4
      min_lowercase: 8
    min_entropy: 3.5
    confidence: medium
    examples:
      - 'mix hex.organization auth acme --key 126d49fb3014bd26457471ebae97c625'
      - 'HEX_ORGANIZATION_KEY=126d49fb3014bd26457471ebae97c625'
    references:
      - https://hex.pm/docs/private
    # Hex.pm docs only expose these keys as repository authentication hashes.
    # A same-key validation or revocation endpoint is not publicly documented.