Twilio Keys

Description

General

• Documentation: https://www.twilio.com/docs/usage/api
• Summary: Twilio is a cloud communications company that allows software developers to send and receive text messages and phone calls. Twilio exposes a variety of APIs to allow developers to programmatically interact with the service. Twilio provides two ways of authenticating: master credentials, or API keys that can be quickly created and revoked and are typically safer to use. This detector focuses on detecting these API keys. Gitguardian's engine also detects Twilio' master credentials
• IPs allowlist: As of the time of writing this documentation, this feature is not yet supported.
• Scopes: Twilio allows to create two types of API keys: standard keys, or master keys that can manage API keys, account configurations and sub accounts.

Revoke the secret

Keys cannot be rotated but they can be deleted from this page of the dashboard.

Check for suspicious activity

In the enterprise mode, Twilio offers an audit events tab to monitor various events such as API keys usage as well as API calls to monitor events (see here).

Details for Twilio Keys

• Family: credentials

• Category: messaging_system

• Company: Twilio

• High recall: False

• Validity check available: True

• Analyzer available: False

• On-premise instances exist: False

• Only valid secrets raise an alert: True

• Minimum number of matches: 2

• Occurrences found for one million commits: 0.37

• Prefixed: False

• PreValidators:

- type: ContentWhitelistPreValidator
  patterns:
    - sk[0-9a-f]{32}

Examples

- text: |
    var Twilio = require('twilio'); +var fs = require('fs'); +var path = require('path'); + +var apiKeySid='SK1fe059e17c773de4c071a57f9f975873'; +var apiKeySecret='4BDNaWxPP5naXdt54Fb4KwAWkfNohej8'
  client_id: 'SK1fe059e17c773de4c071a57f9f975873'
  client_secret: '4BDNaWxPP5naXdt54Fb4KwAWkfNohej8'