RubyGems API Key

Description

General

• Documentation: https://guides.rubygems.org/rubygems-org-api/
• Summary: RubyGems is the Ruby package manager and hosting service. Its API can be used to interact programmatically with their services. Gem servers can also be self-hosted. This detector catches API keys for both RubyGems.org and self-hosted gem servers.
• IPs allowlist: This feature is not supported for RubyGems.org.
• Scopes: There are 7 scopes, see the RubyGem's documentation for more details.

Revoke the secret

API keys can be revoked from the API keys page.

Check for suspicious activity

No extensive logs are provided on RubyGems.org. Yet, the "last access" date is available and can give insights on suspicious activities.

Details for Rubygems saas apikey

• Family: token

• Category: package_registry

• Company: RubyGems

• High recall: True

• Validity check available: True

• Analyzer available: False

• On-premise instances exist: False

• Only valid secrets raise an alert: False

• Minimum number of matches: 1

• Occurrences found for one million commits: 0.01

• Prefixed: True

• PreValidators:

- type: ContentWhitelistPreValidator
  patterns:
    - rubygems_

Examples

- text: |
    $ curl -H 'Authorization: rubygems_123abc01a15f32b0be0103de4c9b3dcb3f2fea0fa8a84f23' \
               https://rubygems.org/api/v1/gems.json
  apikey: rubygems_123abc01a15f32b0be0103de4c9b3dcb3f2fea0fa8a84f23

- text: |
    ----
    -:rubygems_api_key: rubygems_123abc01a15f32b0be0103de4c9b3dcb3f2fea0fa8a84f23
    -:status: :ok
  apikey: rubygems_123abc01a15f32b0be0103de4c9b3dcb3f2fea0fa8a84f23

# Fat-fingered secret
- text: Xrubygems_123abc01a15f32b0be0103de4c9b3dcb3f2fea0fa8a84f23
  apikey: rubygems_123abc01a15f32b0be0103de4c9b3dcb3f2fea0fa8a84f23