Skip to main content

Algolia Keys

Description#

General#

  • Documentation: https://www.algolia.com/doc/.
  • Summary: This detector aim at catching Algolia API keys - admin keys, monitoring keys and keys with more restricted access.
  • IPs allowlist: There is no IP allowlisting possible.
  • Scopes: This key has all permissions.

Revoke the secret#

  • Key can be rotated in the Algolia website.

Check for suspicious activity#

There is currently no method to verify the actions done with the key.

Details for Algolia custom permissions#

  • Category: Data storage

  • Company: Algolia

  • High recall: False

  • Validity check available: True

  • Only valid secrets raise an alert: True

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 42.12

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator  banlist_extensions:  - ^(cs|x|p|s|r)?html5?~?$  - ^[aps]?cssc?~?$  - ^lock$  - ^mdx?~?$  - ^storyboard(c|er)?~?$  - ^xib$  banlist_filenames: []  check_binaries: false- type: ContentWhitelistPreValidator  patterns:  - algolia

Examples#

- text: >    algolia    clientid= 2D20AW12DA    clientsecret= 3c0c3965368a6b10f7640dbda46abfdc  client_id: 2D20AW12DA  client_secret: 3c0c3965368a6b10f7640dbda46abfdc

Details for Algolia monitoring#

  • Category: Data storage

  • Company: Algolia

  • High recall: False

  • Validity check available: True

  • Only valid secrets raise an alert: True

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 0.01

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator  banlist_extensions:  - ^(cs|x|p|s|r)?html5?~?$  - ^[aps]?cssc?~?$  - ^lock$  - ^mdx?~?$  - ^storyboard(c|er)?~?$  - ^xib$  banlist_filenames: []  check_binaries: false- type: ContentWhitelistPreValidator  patterns:  - algolia

Examples#

- text: >    const ALGOLIA_APP_ID = 'OH29RAPN3N';    const ALGOLIA_MONITORING_KEY = '46aee733e12b4f08ee8f1ba9c4bc6380';  client_id: OH29RAPN3N  client_secret: 46aee733e12b4f08ee8f1ba9c4bc6380

Details for Algolia admin#

  • Category: Data storage

  • Company: Algolia

  • High recall: False

  • Validity check available: True

  • Only valid secrets raise an alert: True

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 5.61

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator  banlist_extensions:  - ^(cs|x|p|s|r)?html5?~?$  - ^[aps]?cssc?~?$  - ^lock$  - ^mdx?~?$  - ^storyboard(c|er)?~?$  - ^xib$  banlist_filenames: []  check_binaries: false- type: ContentWhitelistPreValidator  patterns:  - algolia

Examples#

- text: >    const ALGOLIA_APP_ID = 'OH29RAPN3N';    const ALGOLIA_ADMIN_KEY = 'b782df173961404a169945f8079362a3';    const ALGOLIA_SEARCH_KEY = '46aee733e12b4f08ee8f1ba9c4bc6380';  client_id: OH29RAPN3N  client_secret: b782df173961404a169945f8079362a3- text: >    algolia    static let appId = "B2NW9U3W8F"    static let apiKeySearch = "d9ad5cd8c4a29789099c7521561228dc"    static let apiKeyAdmin = "4934242ed5979c45ed9fb3ec072429ea"  client_id: B2NW9U3W8F  client_secret: d9ad5cd8c4a29789099c7521561228dc