Algolia Keys
Description
General
- Documentation: https://www.algolia.com/doc/.
- Summary: This detector aim at catching Algolia API keys - admin keys, monitoring keys and keys with more restricted access.
- IPs allowlist: There is no IP allowlisting possible.
- Scopes: This key has all permissions.
Revoke the secret
- Key can be rotated in the Algolia website.
Check for suspicious activity
There is currently no method to verify the actions done with the key.
Details for Algolia Custom Keys
-
Family: credentials
-
Category: data_storage
-
Company: Algolia
-
High recall: False
-
Validity check available: False
-
Analyzer available: True
-
Minimum number of matches: 2
-
Occurrences found for one million commits: 345.07
-
Prefixed: False
-
PreValidators:
- type: FilenameBanlistPreValidator
banlist_extensions: []
banlist_filenames: []
check_binaries: false
include_default_banlist_extensions: true
ban_markup: false
- type: ContentWhitelistPreValidator
patterns:
- algolia
Examples
- text: |
algolia
clientid= 2D20AW43DA
clientsecret= 3c039c651368a6b0f7640dbda46bfadc
client_id: 2D20AW43DA
client_secret: 3c039c651368a6b0f7640dbda46bfadc
- text: algolia clientid= 2D20AW43DA clientsecret= 3c039c651368a6b0f7640dbda46bfadc
client_id: 2D20AW43DA
client_secret: 3c039c651368a6b0f7640dbda46bfadc
Details for Algolia Monitoring Keys
-
Family: credentials
-
Category: data_storage
-
Company: Algolia
-
High recall: False
-
Validity check available: True
-
Analyzer available: True
-
On-premise instances exist: False
-
Only valid secrets raise an alert: True
-
Minimum number of matches: 2
-
Occurrences found for one million commits: very rare
-
Prefixed: False
-
PreValidators:
- type: FilenameBanlistPreValidator
banlist_extensions: []
banlist_filenames: []
check_binaries: false
include_default_banlist_extensions: true
ban_markup: false
- type: ContentWhitelistPreValidator
patterns:
- algolia
Examples
- text: |
const ALGOLIA_APP_ID = 'O209R1PN3N';
const ALGOLIA_MONITORING_KEY = '476aee33e12b4ef08e8f1ba9c4b638c0';
client_id: O209R1PN3N
client_secret: 476aee33e12b4ef08e8f1ba9c4b638c0
- text: const ALGOLIA_APP_ID = 'O209R1PN3N'; const ALGOLIA_MONITORING_KEY = '476aee33e12b4ef08e8f1ba9c4b638c0';
client_id: O209R1PN3N
client_secret: 476aee33e12b4ef08e8f1ba9c4b638c0
Details for Algolia Admin Keys
-
Family: credentials
-
Category: data_storage
-
Company: Algolia
-
High recall: False
-
Validity check available: False
-
Analyzer available: True
-
Minimum number of matches: 2
-
Occurrences found for one million commits: 345.07
-
Prefixed: False
-
PreValidators:
- type: FilenameBanlistPreValidator
banlist_extensions: []
banlist_filenames: []
check_binaries: false
include_default_banlist_extensions: true
ban_markup: false
- type: ContentWhitelistPreValidator
patterns:
- algolia
Examples
- text: |
const ALGOLIA_APP_ID = 'OH2GRAP30N';
const ALGOLIA_ADMIN_KEY = 'b782df1739614041699a45f8079a3623';
client_id: OH2GRAP30N
client_secret: b782df1739614041699a45f8079a3623
- text: |
struct Algolia {
static let appId: String = "B2NW9U3W8F"
static let apiKeySearch: String = "d9ad5cd8c4a29789099c7521561228dc"
}pap
client_id: B2NW9U3W8F
client_secret: d9ad5cd8c4a29789099c7521561228dc
- text: const ALGOLIA_APP_ID = 'OH2GRAP30N'; const ALGOLIA_ADMIN_KEY = 'b782df1739614041699a45f8079a3623';
client_id: OH2GRAP30N
client_secret: b782df1739614041699a45f8079a3623
Secret Analyzer
Analysis Method
- Provider allows scopes enumeration: True
- Total network call count: 1
- Total call count may vary: False
HTTP Calls
Requests are designed to capture metadata and not to function effectively.
- GET: /1/keys/***
Other Calls
Non-HTTP queries or HTTP calls made through a third-party app (e.g., Python package). No other calls for this analyzer.
