- Documentation: https://api.slack.com
- Summary: Slack is a business communication platform. It offers chat rooms in the form of channels organized by topics as well as private groups and direct messaging. Users can create Slack applications to automate some actions in workspaces. This detector focuses on catching Slack application credentials as they allow to take certain actions at the app level accros organizations. They are different from Slack user tokens that are also detected by GitGuardian.
- IPs allowlist: IP allowlisting is supported only for internal application integrations. Read this documentation for more details.
- Scopes: Credentials' scopes depend on the corresponding application.
To revoke the credentials, go to the App dashboard and after selecting the application, click on regenerate next to the Client Secret key field.
Monitoring suspicious activity of keys is not mentioned in Slack's documentation.
Slack app keys#
Category: Messaging system
High recall: False
Validity check available: False
Minimum number of matches: 2
Occurrences found for one million commits: 4.16
- type: FilenameBanlistPreValidator banlist_extensions: - css - html - lock - md - storyboard - xib banlist_filenames:  check_binaries: false- type: ContentWhitelistPreValidator patterns: - slack
- text: | slack_id: 1489795176992.1423423423544 slack_secret: b52f435d423d8ae2103739d49ab994bb client_id: "1489795176992.1423423423544" client_secret: b52f435d423d8ae2103739d49ab994bb - text: | SLACK_CLIENT_ID = '730191371696.1410179799087' SLACK_CLIENT_SECRET = 'f90dd63cdcb13662a6f4b008081c1542' client_id: "730191371696.1410179799087" client_secret: "f90dd63cdcb13662a6f4b008081c1542"