Skip to main content

Okta Keys



  • Documentation:
  • Summary: Okta is an identity and access management company, it provides cloud solutions that help companies manage and secure user authentication. Applications that use Okta for authentication can be set and associated to a user account, they are attributed a client_id and a client_secret to authenticate communications between the applications and Okta. This detector focuses on catching those keys.
  • IPs allowlist: Sign on rules can be set for each application to restrict the zone from which user can connect and thus interact with Okta.
  • Scopes: A variety of scopes can be associated to the application that is integrating with Okta, from the Application/Okta API Scopes tab.

Revoke the secret

A new client secret can be generated from the Application/General tab of the dashboard. This automatically revokes the previous client secret.

Check for suspicious activity

Okta keeps logs of any actions or calls made with an application registered on the platform.

Details for Okta keys

  • Family: Api

  • Category: Identity provider

  • Company: Okta

  • High recall: True

  • Validity check available: False

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 5.59

  • Prefixed: True

  • PreValidators:

- type: ContentWhitelistPreValidator
- 0oa[a-z0-9_-]{10,20}


- text: |
// Add Okta_Keys to your environment variables
client_id: '0oaq5duedN0lmmT143i4'
client_secret: '3Be9-tDiFMDp6kYdmQDsbUFEVy7K2_wb0lsje2vw'

- text: |
$(app) -i -c 0oaq5duedN0lmmT143i4 -c secret-client=3Be9-tDiFMDp6kYdmQDsbUFEVy7K2_wb0lsje2vw
client_id: '0oaq5duedN0lmmT143i4'
client_secret: '3Be9-tDiFMDp6kYdmQDsbUFEVy7K2_wb0lsje2vw'

How can I help you ?