kingfisher/crates/kingfisher-rules/data/rules/couchbase.yml

rules:
  - name: Couchbase Capella API Key
    id: kingfisher.couchbase.1
    pattern: |
      (?xi)
      \b
      (?:couchbase|capella)
      (?:.|[\n\r]){0,32}?
      (?:
        api
        (?:.|[\n\r]){0,12}?
        (?:key|secret)
        |
        key
        (?:.|[\n\r]){0,12}?
        secret
      )
      (?:.|[\n\r]){0,32}?
      \b
      (
        [A-Za-z0-9+/]{60,120}={0,2}
      )
      \b
    pattern_requirements:
      min_digits: 4
      min_uppercase: 4
      min_lowercase: 4
    min_entropy: 4.0
    confidence: medium
    examples:
      - 'COUCHBASE_API_KEY_SECRET="QktxVUtFU1dKV1FlJBYXdnTVlRemFZdmFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6MDJBQ0RF"'
      - |
        capella_api_secret = 'aB1cD2eF3gH4iJ5kL6mN7oP8qR9sT0uV1wX2yZ3aA4bB5cC6dD7eE8fF9gG0hH1iJ2kL3m=='
    references:
      - https://docs.couchbase.com/cloud/management-api-reference/index.html
    validation:
      type: Http
      content:
        request:
          method: GET
          url: https://cloudapi.cloud.couchbase.com/v4/organizations
          headers:
            Accept: application/json
            Authorization: 'Bearer {{ TOKEN }}'
          response_matcher:
            - report_response: true
            - type: StatusMatch
              status: [200]
            - type: JsonValid