Twilio Keys

Description

General

Documentation: https://www.twilio.com/docs/usage/api
Summary: Twilio is a cloud communications company that allows software developers to send and receive text messages and phone calls. Twilio exposes a variety of APIs to allow developers to programmatically interact with the service. Twilio provides two ways of authenticating: master credentials, or API keys that can be quickly created and revoked and are typically safer to use. This detector focuses on detecting these API keys. Gitguardian's engine also detects Twilio' master credentials
IPs allowlist: As of the time of writing this documentation, this feature is not yet supported.
Scopes: Twilio allows to create two types of API keys: standard keys, or master keys that can manage API keys, account configurations and sub accounts.

Revoke the secret

Keys cannot be rotated but they can be deleted from this page of the dashboard.

Check for suspicious activity

In the enterprise mode, Twilio offers an audit events tab to monitor various events such as API keys usage as well as API calls to monitor events (see here).

Details for `Twilio api keys`

Family: Api
Category: Messaging system
Company: Twilio
High recall: False
Validity check available: True
On-premise instances exist: False
Only valid secrets raise an alert: True
Minimum number of matches: 2
Occurrences found for one million commits: 3.89
Prefixed: False
PreValidators:

- type: ContentWhitelistPreValidator
  patterns:
    - sk[0-9a-f]{32}

Examples

- text: |
    var Twilio = require('twilio'); +var fs = require('fs'); +var path = require('path'); + +var apiKeySid='SK1fe059e17c773de4c071a57f9f975873'; +var apiKeySecret='4BDNaWxPP5naXdt54Fb4KwAWkfNohej8'
  client_id: 'SK1fe059e17c773de4c071a57f9f975873'
  client_secret: '4BDNaWxPP5naXdt54Fb4KwAWkfNohej8'