RubyGems API Key
Description
General
- Documentation: https://guides.rubygems.org/rubygems-org-api/
- Summary: RubyGems is the Ruby package manager and hosting service. Its API can be used to interact programmatically with their services. Gem servers can also be self-hosted. This detector catches API keys for both RubyGems.org and self-hosted gem servers.
- IPs allowlist: This feature is not supported for RubyGems.org.
- Scopes: There are 7 scopes, see the RubyGem's documentation for more details.
Revoke the secret
API keys can be revoked from the API keys page.
Check for suspicious activity
No extensive logs are provided on RubyGems.org. Yet, the "last access" date is available and can give insights on suspicious activities.
Details for RubyGems.org API Key
-
Family: token
-
Category: package_registry
-
Company: RubyGems
-
High recall: True
-
Validity check available: True
-
Analyzer available: False
-
On-premise instances exist: False
-
Only valid secrets raise an alert: False
-
Minimum number of matches: 1
-
Occurrences found for one million commits: 0.01
-
Prefixed: True
-
PreValidators:
- type: ContentWhitelistPreValidator
patterns:
- rubygems_
Examples
- text: |
$ curl -H 'Authorization: rubygems_123abc01a15f32b0be0103de4c9b3dcb3f2fea0fa8a84f23' \
https://rubygems.org/api/v1/gems.json
apikey: rubygems_123abc01a15f32b0be0103de4c9b3dcb3f2fea0fa8a84f23
- text: |
----
-:rubygems_api_key: rubygems_123abc01a15f32b0be0103de4c9b3dcb3f2fea0fa8a84f23
-:status: :ok
apikey: rubygems_123abc01a15f32b0be0103de4c9b3dcb3f2fea0fa8a84f23
# Fat-fingered secret
- text: Xrubygems_123abc01a15f32b0be0103de4c9b3dcb3f2fea0fa8a84f23
apikey: rubygems_123abc01a15f32b0be0103de4c9b3dcb3f2fea0fa8a84f23
