Linear Personal API key

Description

General

• Documentation: https://developers.linear.app/docs/graphql/working-with-the-graphql-api

• Summary: Linear is an issue tracking tool. This detector focuses on detecting personal API keys.

• IPs allowlist: This feature is not available.

• Scopes: Every key has the same scope.

Revoke the secret

In Settings > API page, API keys can be revoked.

Check for suspicious activity

This feature is not available.

Details for Linear api key

• Family: Api

• Category: Collaboration tool

• Company: Linear

• High recall: True

• Validity check available: True

• On-premise instances exist: False

• Only valid secrets raise an alert: False

• Minimum number of matches: 1

• Occurrences found for one million commits: 0.8

• Prefixed: True

• PreValidators:

- type: ContentWhitelistPreValidator
  patterns:
    - lin_(api|oauth)_

Examples

- text: |
    curl -X POST \
    -H "Content-Type: application/json" \
    -H "Authorization: lin_api_3thmgjor322griohzovh343LU7zvrdvdgT54T45G" \
    --data '{ "query": "{ issues { nodes { id title } } }" }' \
    https://api.linear.app/graphql
  apikey: 'lin_api_3thmgjor322griohzovh343LU7zvrdvdgT54T45G'
- text: |
    curl -X POST \
    -H "Content-Type: application/json" \
    -H "Authorization: lin_oauth_8d4b9bd539dcd265935e2d01547e407971add2abb1fba737e202e62f10d8fb42" \
    --data '{ "query": "{ issues { nodes { id title } } }" }' \
    https://api.linear.app/graphql
  apikey: 'lin_oauth_8d4b9bd539dcd265935e2d01547e407971add2abb1fba737e202e62f10d8fb42'

# Fat-fingered secret
- text: Xlin_oauth_8d4b9bd539dcd265935e2d01547e407971add2abb1fba737e202e62f10d8fb42
  apikey: 'lin_oauth_8d4b9bd539dcd265935e2d01547e407971add2abb1fba737e202e62f10d8fb42'