Skip to main content

Algolia Keys

Description#

General#

  • Documentation: https://www.algolia.com/doc/.
  • Summary: This detector aim at catching Algolia API keys - admin keys, monitoring keys and keys with more restricted access.
  • IPs allowlist: There is no IP allowlisting possible.
  • Scopes: This key has all permissions.

Revoke the secret#

  • Key can be rotated in the Algolia website.

Check for suspicious activity#

There is currently no method to verify the actions done with the key.

Details for Algolia custom permissions#

  • Family: Api

  • Category: Data storage

  • Company: Algolia

  • High recall: False

  • Validity check available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: True

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 26.61

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator  banlist_extensions: []  banlist_filenames: []  check_binaries: false  include_default_banlist_extensions: true  ban_markup: false- type: ContentWhitelistPreValidator  patterns:  - algolia

Examples#

- text: >    algolia    clientid= 2D20AW12DA    clientsecret= 3c0c3965368a6b10f7640dbda46abfdc  client_id: 2D20AW12DA  client_secret: 3c0c3965368a6b10f7640dbda46abfdc- text: algolia clientid= 2D20AW12DA clientsecret= 3c0c3965368a6b10f7640dbda46abfdc
  client_id: 2D20AW12DA  client_secret: 3c0c3965368a6b10f7640dbda46abfdc  filename: some_file.md

Details for Algolia monitoring#

  • Family: Api

  • Category: Data storage

  • Company: Algolia

  • High recall: False

  • Validity check available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: True

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 0.02

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator  banlist_extensions: []  banlist_filenames: []  check_binaries: false  include_default_banlist_extensions: true  ban_markup: false- type: ContentWhitelistPreValidator  patterns:  - algolia

Examples#

- text: >    const ALGOLIA_APP_ID = 'OH29RAPN3N';    const ALGOLIA_MONITORING_KEY = '46aee733e12b4f08ee8f1ba9c4bc6380';  client_id: OH29RAPN3N  client_secret: 46aee733e12b4f08ee8f1ba9c4bc6380- text: const ALGOLIA_APP_ID = 'OH29RAPN3N'; const ALGOLIA_MONITORING_KEY = '46aee733e12b4f08ee8f1ba9c4bc6380';
  client_id: OH29RAPN3N  client_secret: 46aee733e12b4f08ee8f1ba9c4bc6380  filename: some_file.md

Details for Algolia admin#

  • Family: Api

  • Category: Data storage

  • Company: Algolia

  • High recall: False

  • Validity check available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: True

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 8.64

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator  banlist_extensions: []  banlist_filenames: []  check_binaries: false  include_default_banlist_extensions: true  ban_markup: false- type: ContentWhitelistPreValidator  patterns:  - algolia

Examples#

- text: >    const ALGOLIA_APP_ID = 'OH29RAPN3N';    const ALGOLIA_ADMIN_KEY = 'b782df173961404a169945f8079362a3';    const ALGOLIA_SEARCH_KEY = '46aee733e12b4f08ee8f1ba9c4bc6380';  client_id: OH29RAPN3N  client_secret: b782df173961404a169945f8079362a3- text: >    algolia    static let appId = "B2NW9U3W8F"    static let apiKeySearch = "d9ad5cd8c4a29789099c7521561228dc"    static let apiKeyAdmin = "4934242ed5979c45ed9fb3ec072429ea"  client_id: B2NW9U3W8F  client_secret: d9ad5cd8c4a29789099c7521561228dc- text: const ALGOLIA_APP_ID = 'OH29RAPN3N'; const ALGOLIA_ADMIN_KEY = 'b782df173961404a169945f8079362a3'; const ALGOLIA_SEARCH_KEY = '46aee733e12b4f08ee8f1ba9c4bc6380';
  client_id: OH29RAPN3N  client_secret: b782df173961404a169945f8079362a3  filename: some_file.md