- Documentation: https://guides.rubygems.org/rubygems-org-api/
- Summary: RubyGems is the Ruby package manager and hosting service. Its API can be used to interact programmatically with their services. This detector focuses on catching those API keys. Note that a gem server can be self-hosted but the API keys for self-hosted gem server follow a distinct pattern.
- IPs allowlist: To the best of our knowledge, this feature is not supported for RubyGems.org.
- Scopes: There are 7 scopes, see the RubyGem's documentation for more details.
API keys can be revoked from the API keys page.
No extensive logs are provided on RubyGems.org. Yet, the "last access" date is available and can give insights on suspicious activities.
Rubygems saas apikey#
Category: Development tool
High recall: True
Validity check available: True
Only valid secrets raise an alert: False
Minimum number of matches: 1
Occurrences found for one million commits: very rare
- type: FilenameBanlistPreValidator banlist_extensions: - ^(cs|x|p|s|r)?html5?~?$ - ^[aps]?cssc?~?$ - ^lock$ - ^mdx?~?$ - ^storyboard(c|er)?~?$ - ^xib$ banlist_filenames:  check_binaries: false- type: ContentWhitelistPreValidator patterns: - rubygems_
- text: > $ curl -H 'Authorization: rubygems_123abc01a15f32b0be0103de4c9b3dcb3f2fea0fa8a84f23' \ https://rubygems.org/api/v1/gems.json apikey: rubygems_123abc01a15f32b0be0103de4c9b3dcb3f2fea0fa8a84f23- text: > ---- -:rubygems_api_key: rubygems_123abc01a15f32b0be0103de4c9b3dcb3f2fea0fa8a84f23 -:status: :ok apikey: rubygems_123abc01a15f32b0be0103de4c9b3dcb3f2fea0fa8a84f23