Linear Personal API key
Description
General
-
Documentation: https://developers.linear.app/docs/graphql/working-with-the-graphql-api
-
Summary: Linear is an issue tracking tool. This detector focuses on detecting personal API keys.
-
IPs allowlist: This feature is not available.
-
Scopes: Every key has the same scope.
Revoke the secret
In Settings > API page, API keys can be revoked.
Check for suspicious activity
This feature is not available.
Details for Linear api key
-
Family: Api
-
Category: Collaboration tool
-
Company: Linear
-
High recall: True
-
Validity check available: True
-
Analyzer available: False
-
On-premise instances exist: False
-
Only valid secrets raise an alert: False
-
Minimum number of matches: 1
-
Occurrences found for one million commits: 0.8
-
Prefixed: True
-
PreValidators:
- type: ContentWhitelistPreValidator
patterns:
- lin_(api|oauth)_
Examples
- text: |
curl -X POST \
-H "Content-Type: application/json" \
-H "Authorization: lin_api_3thmgjor322griohzovh343LU7zvrdvdgT54T45G" \
--data '{ "query": "{ issues { nodes { id title } } }" }' \
https://api.linear.app/graphql
apikey: 'lin_api_3thmgjor322griohzovh343LU7zvrdvdgT54T45G'
- text: |
curl -X POST \
-H "Content-Type: application/json" \
-H "Authorization: lin_oauth_8d4b9bd539dcd265935e2d01547e407971add2abb1fba737e202e62f10d8fb42" \
--data '{ "query": "{ issues { nodes { id title } } }" }' \
https://api.linear.app/graphql
apikey: 'lin_oauth_8d4b9bd539dcd265935e2d01547e407971add2abb1fba737e202e62f10d8fb42'
# Fat-fingered secret
- text: Xlin_oauth_8d4b9bd539dcd265935e2d01547e407971add2abb1fba737e202e62f10d8fb42
apikey: 'lin_oauth_8d4b9bd539dcd265935e2d01547e407971add2abb1fba737e202e62f10d8fb42'
