{"slug": "github-leaked-api-keys-and-secrets-md", "title": "GitHub-Leaked-API-Keys-and-Secrets.md", "summary": "This article provides a guide for security professionals to identify leaked API keys and secrets on GitHub by using specific search syntax. It lists search patterns for various services, including OpenAI, GitHub OAuth, Slack, Google, and Square, targeting common file extensions and key identifiers. The document emphasizes that human error often leads developers to accidentally commit sensitive credentials to public repositories, making such reconnaissance valuable for vulnerability detection.", "body_md": "As a security professional, it is important to conduct a thorough reconnaissance. With the increasing use of APIs nowadays, it has become paramount to keep access tokens and other API-related secrets secure in order to prevent leaks. However, despite technological advances, human error remains a factor, and many developers still unknowingly hardcode their API secrets into source code and commit them to public repositories. GitHub, being a widely popular platform for public code repositories, may inadvertently host such leaked secrets. To help identify these vulnerabilities, I have created a comprehensive search list using powerful search syntax that enables the search of thousands of leaked keys and secrets in a single search.\n(path:*.{File_extension1} OR path:*.{File_extension-N}) AND ({Keyname1} OR {Keyname-N}) AND (({Signature/pattern1} OR {Signature/pattern-N}) AND ({PlatformTag1} OR {PlatformTag-N}))\n1. OpenAI API keys\n(path:*.xml OR path:*.json OR path:*.properties OR path:*.sql OR path:*.txt OR path:*.log OR path:*.tmp OR path:*.backup OR path:*.bak OR path:*.enc OR path:*.yml OR path:*.yaml OR path:*.toml OR path:*.ini OR path:*.config OR path:*.conf OR path:*.cfg OR path:*.env OR path:*.envrc OR path:*.prod OR path:*.secret OR path:*.private OR path:*.key) AND (access_key OR secret_key OR access_token OR api_key OR apikey OR api_secret OR apiSecret OR app_secret OR application_key OR app_key OR appkey OR auth_token OR authsecret) AND (\"sk-\" AND (openai OR gpt))\nUpdate: We can use following refined regular expression to filters out most dummy keys:\n... AND (/sk-[a-zA-Z0-9]{48}/ AND (openai OR gpt))\nSpecial thanks to @fkulakov for the insightful contribution.\n2. Github OAuth/App/Personal/Refresh Access Token\n(path:*.xml OR path:*.json OR path:*.properties OR path:*.sql OR path:*.txt OR path:*.log OR path:*.tmp OR path:*.backup OR path:*.bak OR path:*.enc OR path:*.yml OR path:*.yaml OR path:*.toml OR path:*.ini OR path:*.config OR path:*.conf OR path:*.cfg OR path:*.env OR path:*.envrc OR path:*.prod OR path:*.secret OR path:*.private OR path:*.key) AND (access_key OR secret_key OR access_token OR api_key OR apikey OR api_secret OR apiSecret OR app_secret OR application_key OR app_key OR appkey OR auth_token OR authsecret) AND ((\"ghp_\" OR \"gho_\" OR \"ghu_\" OR \"ghs_\" OR \"ghr_\") AND (Github OR OAuth))\n3. Slack Token\n(path:*.xml OR path:*.json OR path:*.properties OR path:*.sql OR path:*.txt OR path:*.log OR path:*.tmp OR path:*.backup OR path:*.bak OR path:*.enc OR path:*.yml OR path:*.yaml OR path:*.toml OR path:*.ini OR path:*.config OR path:*.conf OR path:*.cfg OR path:*.env OR path:*.envrc OR path:*.prod OR path:*.secret OR path:*.private OR path:*.key) AND (access_key OR secret_key OR access_token OR api_key OR apikey OR api_secret OR apiSecret OR app_secret OR application_key OR app_key OR appkey OR auth_token OR authsecret) AND (xox AND Slack)\n4. Google API key\n(path:*.xml OR path:*.json OR path:*.properties OR path:*.sql OR path:*.txt OR path:*.log OR path:*.tmp OR path:*.backup OR path:*.bak OR path:*.enc OR path:*.yml OR path:*.yaml OR path:*.toml OR path:*.ini OR path:*.config OR path:*.conf OR path:*.cfg OR path:*.env OR path:*.envrc OR path:*.prod OR path:*.secret OR path:*.private OR path:*.key) AND (access_key OR secret_key OR access_token OR api_key OR apikey OR api_secret OR apiSecret OR app_secret OR application_key OR app_key OR appkey OR auth_token OR authsecret) AND (AIza AND Google)\n5. Square OAuth/access token\n(path:*.xml OR path:*.json OR path:*.properties OR path:*.sql OR path:*.txt OR path:*.log OR path:*.tmp OR path:*.backup OR path:*.bak OR path:*.enc OR path:*.yml OR path:*.yaml OR path:*.toml OR path:*.ini OR path:*.config OR path:*.conf OR path:*.cfg OR path:*.env OR path:*.envrc OR path:*.prod OR path:*.secret OR path:*.private OR path:*.key) AND (access_key OR secret_key OR access_token OR api_key OR apikey OR api_secret OR apiSecret OR app_secret OR application_key OR app_key OR appkey OR auth_token OR authsecret) AND ((\"sq0atp-\" OR \"sq0csp-\") AND (square OR OAuth))\n6. Shopify shared secret, access token, private/custom app access token\n(path:*.xml OR path:*.json OR path:*.properties OR path:*.sql OR path:*.txt OR path:*.log OR path:*.tmp OR path:*.backup OR path:*.bak OR path:*.enc OR path:*.yml OR path:*.yaml OR path:*.toml OR path:*.ini OR path:*.config OR path:*.conf OR path:*.cfg OR path:*.env OR path:*.envrc OR path:*.prod OR path:*.secret OR path:*.private OR path:*.key) AND (access_key OR secret_key OR access_token OR api_key OR apikey OR api_secret OR apiSecret OR app_secret OR application_key OR app_key OR appkey OR auth_token OR authsecret) AND ((\"shpss_\" OR \"shpat_\" OR \"shpca_\" OR \"shppa_\") AND \"Shopify\")\n- Online IDE Search: https://redhuntlabs.com/online-ide-search/\n- Keyhacks on GitHub: https://github.com/streaak/keyhacks\n- Google Hacking Database: https://www.exploit-db.com/google-hacking-database", "url": "https://wpnews.pro/news/github-leaked-api-keys-and-secrets-md", "canonical_source": "https://gist.github.com/win3zz/0a1c70589fcbea64dba4588b93095855", "published_at": "2023-06-18 08:26:06+00:00", "updated_at": "2026-05-22 20:36:04.127291+00:00", "lang": "en", "topics": ["cybersecurity", "developer-tools", "open-source", "cloud-computing", "artificial-intelligence"], "entities": ["GitHub", "OpenAI"], "alternates": {"html": "https://wpnews.pro/news/github-leaked-api-keys-and-secrets-md", "markdown": "https://wpnews.pro/news/github-leaked-api-keys-and-secrets-md.md", "text": "https://wpnews.pro/news/github-leaked-api-keys-and-secrets-md.txt", "jsonld": "https://wpnews.pro/news/github-leaked-api-keys-and-secrets-md.jsonld"}}