Skip to main content

SendGrid Key

Description#

General#

  • Documentation: https://sendgrid.com/docs/API_Reference/index.html
  • Summary: SendGrid is a communication platform for transactional and marketing emails. It offers a REST API to programmatically send emails and perform all sort of actions with a SendGrid account. Leaking a SendGrid API key can result in malicious individuals sending emails in the name of the concerned organization.
  • IPs allowlist: IP allowlisting can be set in the web application under Settings in the IP Access Management tab. This documentation provides more thorough details on the process.
  • Scopes: There are three types of API keys, these are described in the Type of API keys page of the documentation.

Revoke the secret#

This can be done on the SendGrid dahsboard. More information can be found in the documentation.

Check for suspicious activity#

SendGrid keeps security logs during one year as mentioned here. Recent access attempts are also displayed in the web application under Settings in the IP Access Management tab. This documentation page gives more details.

Details for Sendgrid#

  • Category: Messaging system

  • Company: SendGrid

  • High recall: True

  • Validity check available: True

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 59.67

  • Prefixed: True

  • PreValidators:

- type: FilenameBanlistPreValidator  banlist_extensions:  - ^(cs|x|p|s|r)?html5?~?$  - ^[aps]?cssc?~?$  - ^lock$  - ^mdx?~?$  - ^storyboard(c|er)?~?$  - ^xib$  banlist_filenames: []  check_binaries: false- type: ContentWhitelistPreValidator  patterns:  - sg\.

Examples#

- text: "email.config.server.password=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"  apikey: "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"