Twilio Keys
Description
General
- Documentation: https://www.twilio.com/docs/usage/api
- Summary: Twilio is a cloud communications company that allows software developers to send and receive text messages and phone calls. Twilio exposes a variety of APIs to allow developers to programmatically interact with the service. Twilio provides two ways of authenticating: master credentials, or API keys that can be quickly created and revoked and are typically safer to use. This detector focuses on detecting these API keys. Gitguardian's engine also detects Twilio' master credentials
- IPs allowlist: As of the time of writing this documentation, this feature is not yet supported.
- Scopes: Twilio allows to create two types of API keys: standard keys, or master keys that can manage API keys, account configurations and sub accounts.
Revoke the secret
Keys cannot be rotated but they can be deleted from this page of the dashboard.
Check for suspicious activity
In the enterprise mode, Twilio offers an audit events tab to monitor various events such as API keys usage as well as API calls to monitor events (see here).
Details for Twilio api keys
-
Family: Api
-
Category: Messaging system
-
Company: Twilio
-
High recall: False
-
Validity check available: True
-
Analyzer available: False
-
On-premise instances exist: False
-
Only valid secrets raise an alert: True
-
Minimum number of matches: 2
-
Occurrences found for one million commits: 0.37
-
Prefixed: False
-
PreValidators:
- type: ContentWhitelistPreValidator
patterns:
- sk[0-9a-f]{32}
Examples
- text: |
var Twilio = require('twilio'); +var fs = require('fs'); +var path = require('path'); + +var apiKeySid='SK1fe059e17c773de4c071a57f9f975873'; +var apiKeySecret='4BDNaWxPP5naXdt54Fb4KwAWkfNohej8'
client_id: 'SK1fe059e17c773de4c071a57f9f975873'
client_secret: '4BDNaWxPP5naXdt54Fb4KwAWkfNohej8'
