Python Package Index Key

Description

General

• Documentation: https://warehouse.readthedocs.io/api-reference/index.html
• Summary: The python package index also called PyPI is the official software repository for Python. It is often used as a default source for packages by package managers. PyPI exposes an API to interact with the repository. This detectors catches the PyPI API keys used to perform authentication when uploading packages.
• IPs allowlist: As of the time of writing this documentation, this feature is not yet supported.
• Scopes: A token's scope can be limited to a specific project.

Revoke the secret

API keys can be revoked from the account settings page.

Check for suspicious activity

On the account settings page, for each API key, the date of last use is displayed.

Details for Python package index key

• Family: Api

• Category: Package registry

• Company: Python Package Index

• High recall: True

• Validity check available: False

• Minimum number of matches: 1

• Occurrences found for one million commits: 4.47

• Prefixed: True

• PreValidators:

- type: ContentWhitelistPreValidator
  patterns:
    - pypi-

Examples

- text: 'secure: pypi-AxBQcHiwcS5vcmcCJFDfMtN3ODItSWU3MIQtSDRhGA09ZBUzLTjjPDVmYDQqGBO8MtECBHsncGVybWbze1zvbzMyVmF1InEwb2hpH4BzCjzgKyXaayDuR90hLUNlaQAubZljdWftBs4qaGJdESygHnZpcnGob24iBvAydQAABiCFPKfRi-zIfHzJo4UcUHDJ3UxB8bMk3zgv9NoUz5KAVA'
  apikey: pypi-AxBQcHiwcS5vcmcCJFDfMtN3ODItSWU3MIQtSDRhGA09ZBUzLTjjPDVmYDQqGBO8MtECBHsncGVybWbze1zvbzMyVmF1InEwb2hpH4BzCjzgKyXaayDuR90hLUNlaQAubZljdWftBs4qaGJdESygHnZpcnGob24iBvAydQAABiCFPKfRi-zIfHzJo4UcUHDJ3UxB8bMk3zgv9NoUz5KAVA

- text: '-password: pypi-DtBQcAsyaS5waxdCHAI1KmJjUTM5MKI6YjFtLDNwNC07CDQyLWVbZEDkZDA8UoEyYgACUXbzcGSebLlyc2lqbeMtOgEwbHYlapIfICJ7ZWPkeX9uProgJF0FAFYqd2dAAFj0IGA-K_T1uo7Ds2vvaMNwACP6bm6z2azpAYE'
  apikey: pypi-DtBQcAsyaS5waxdCHAI1KmJjUTM5MKI6YjFtLDNwNC07CDQyLWVbZEDkZDA8UoEyYgACUXbzcGSebLlyc2lqbeMtOgEwbHYlapIfICJ7ZWPkeX9uProgJF0FAFYqd2dAAFj0IGA-K_T1uo7Ds2vvaMNwACP6bm6z2azpAYE