generic.secrets.security.detected-pgp-private-key-block.detected-pgp-private-key-block

Community Favorite
profile photo of semgrepsemgrep
Author
42,313
Download Count*

Something that looks like a PGP private key block is detected. This is a potential hardcoded secret that could be leaked if this code is committed. Instead, remove this code block from the commit.

Run Locally

Run in CI

Defintion

rules:
  - id: detected-pgp-private-key-block
    pattern-regex: -----BEGIN PGP PRIVATE KEY BLOCK-----
    languages:
      - regex
    message: Something that looks like a PGP private key block is detected. This is
      a potential hardcoded secret that could be leaked if this code is
      committed. Instead, remove this code block from the commit.
    severity: ERROR
    metadata:
      cwe:
        - "CWE-798: Use of Hard-coded Credentials"
      source-rule-url: https://github.com/dxa4481/truffleHogRegexes/blob/master/truffleHogRegexes/regexes.json
      category: security
      technology:
        - secrets
      confidence: LOW
      owasp:
        - A07:2021 - Identification and Authentication Failures
      references:
        - https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures
      cwe2022-top25: true
      cwe2021-top25: true
      subcategory:
        - audit
      likelihood: LOW
      impact: MEDIUM
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
      vulnerability_class:
        - Hard-coded Secrets

Examples

detected-pgp-private-key-block.txt

# ruleid: detected-pgp-private-key-block
-----BEGIN PGP PRIVATE KEY BLOCK-----
Version: Keybase OpenPGP v1.0.0
Comment: https://keybase.io/crypto

xcFGBGA9TVIBBADAvplpHiPPayRrez7uhPb1IbpwLbiQUWuDr86E2oe2pmgqh2NH
816wloFSzusBN57ZMg77w9iIVLYphynFIQKyGhRvcLENO0R+7SL3T1PsG05ijANH
4kZuMEnPEin7XvpoeYl0gK3Z1POfrCx5Z/xFxD6H/cXC4zGqQsD8T1zR8wARAQAB
/gkDCEE4dIF4xaONYL7pTDjXMxF/xJqTNeKXlEUqIPqUIc7i1BZEQNlqHEPImlux
RUvwkDZ3JvNW250YBgJWM94HQpqmwXvg9Z/L8iNamqzrRPp8I7G7SMOtTzDOS/Ew
4zrM4kavVhsp4DB+MGjNWRUunc4Y1G8NeK9Oj62siRay8YX2KyeT8zSycLQkPntL
6wGsd8a5Gn6ffaO/BjUWvGBuZBswoLQirFXWKvAWRv0SW9qv+hG0TfmBNa0uYmKE
BNi4PDxkWPfFCY+Bp8yONj0GDFCTup4fIiwETvsDkmJtmFYiTCoKu8Ib9YBE25wy
VvUzi9C5D4sc7t8IYcDV3F1G6WMVRzO+S9aqqFr6zs6IlKvtmzSlMvY/fvbMRW2B
G0yZP5enIYwST5E+jiufse2oAIaGjqp/82MdTqa+r2+KfI+hTDV5izH+oW1tmqaU
pIaB1fI1xM+lcsFb0e2uWMYOBzgSApIgt/E+tTfQ8mJbf1k32HCg4TPNEWYgPGZA
ZXhhbXBsZS5jb20+wq0EEwEKABcFAmA9TVICGy8DCwkHAxUKCAIeAQIXgAAKCRC/
eygMqXKspGiRA/wLa95Zi3fmUhZn9t9ynsvGb441XPE8jj93lO8LzAM7sMCa93HU
NxKGfw1KpMREjNcbxU+pIy1qXthh2XyR0Ml60+uEOHEc2JsyNV0PBhB3LkEFRtbk
AbpJylLCZqlt7O4Ug8JE4Nr460+krd7t1jO7BoMeNWY4eby3+irs+lbI58fBRgRg
PU1SAQQAwnHPVAnoRWbEKI72R4u9GpRd2/xjKa/LMl/fgXajcq6wlOAiX7cHmxX5
j6SmnfHqhDNIH9cEAovGH+hZKgBxAyCf9VOGnvJNkCgmQf7sYhU8Yde6XPSg7i5z
I0o+RQsr4GxZ0mboCp4OuI+UO42zecgC1xtqtUOH6M5OokAR0ScAEQEAAf4JAwiA
I27qYNZOiWCHwn2p9i85ZfYogjs0qdIdNJEzj+pCbsPSnPKhZSBQn6/NdFjrfyUN
Wp1oRfgm5uJ1/Oalc680bR+cPG8tmDMTZyprQ4hVX5iDqLrFA6iHLUwTVL1h1TDD
y3vVd5BX0jvXnraH7G/b/AV0cG03AWMaSZAy7kRXCZEh2H1yrFVPbmn/x039JRtr
jdjq9Jgmf1aU4xOGBNz15Wud2/IclsdPwFExARUDg9Z/DMWwpB6S2bg9fPBuauGj
PkxkLeDIp/AEc+zLRn8cxYuxO+xz5oW1YXvUewUk2MhdXPsl9mfLzSre45PFrJFJ
Ho9U3aJqiD7fftWJ5jaiiofYCAGYcJNUauoYVmVbnCuK7B5kTvocb6eBOQFO2oDQ
3UZVwkh3AZlnjkRxBJho8zn2IPrp3sOb50fKjrjuC5TjdjsYsOocYwMxwg7ETTFb
jeJdWzzAH1jNi2zA0/ufAHKtigFPjXOtwmqXuvY6MK/yi7hCwsCCBBgBCgAPBQJg
PU1SBQkPCZwAAhsuAKcJEL97KAypcqyknCAEGQEKAAYFAmA9TVIACgkQEQ+loKbG
BgOMgwP4ysR3CMk/ALSZx2x+Qi3yqNrUTl/cYJxPvBeNugLrHHwsHBLG8KgNVCLZ
4U/ET7H+6gcK0EuBUZySN7UpK9ancyowUuako8h/PxVimgOveEV5lscZXnh1Scb6
yqfVl3hAbb4fvrIkRga0wvOp/ahj0/WID3AwztTJzb+DUqtCTc5yA/0bS3feAN7J
9zrX/ENOFlxSd4F/d2Ex2ah7+vJ0cHsUu6bcytOGs+2kTcOdFoAhdSZrEEVMROaU
EQR/LHAmbxSdMqhhxNqCRKUJzInQTigtN0sJLk2MQt1ID1KHN9rcSvG2NA6eEVOT
lN4YNfUtYTHNxVdqPs+mq/HZJl1gnNV2IcfBRgRgPU1SAQQAsdowhO9JV6CCKS7I
R+1J28JfqOagUMc4hBMfo7nyf2Jj19fylln+9FRda2i+d0fIG3DPbLmweSsmFhI9
B+rp5nwADbrUihknTM5PpG0Sp+bxXFIpxY28TApbMKAVsFzqTdaABuAD51e3IwI4
DSNYWRFzLbv2pdSUgbPTF1FNiksAEQEAAf4JAwh5OowuAOBlG2A8vcwPtKxVK0hQ
Sht4YxMDaFeZ4zz9XkLmlR67BexyKXvsAhAwJbIxQV2wARrw38pAaVrIcVQSbarp
DwI4C5sqv4Tms+5ImHETXn3bPvjFItvsnr162vcWqvbAchF0WLebCdDPR/dZK7+c
qahj4yIzcTlZRZiWaSpF8lkTgWXyGZnRyAs5PTrULpspbh2X0m5IhebpSX/eZ3C5
qonu34JSzoGLBrVnF0CD/63NnL9fCGYsYmsQB6AKbge7AOZiKLRFctI7Td97lJWz
U4ZaKNyAJ52+/O2QZVN5FJA8hPfaHJD01fwPJgo/yorN03akb1GfzMeXKOuerurd
Nq+VbcDXIFFZJPDEzfbg7lYwWPB5Hg35qrkz3wMUzpve0qxkcMenft0a81O9pO+i
a9DX+O25lIl1y9apyoGezTISkf0ZybvWxthSkg/ypCWaSxVyVWgCcPeAk/vrvTcU
Txr/zXWbLqC99e9V1/IssuK8wsCDBBgBCgAPBQJgPU1SBQkPCZwAAhsuAKgJEL97
KAypcqyknSAEGQEKAAYFAmA9TVIACgkQDK0HBdn6glcTLgP8DpcjGnyry1XYcEHf
SmVox55s5g+oTg5AU5tQ+jHe4Okoq41eFgzats5VmvpzpW/4vt341Jp4RhyZ2Ntl
bGAW/rOVs0ViabD+2LrmpX4irH7xceqGnFv1PNFJoCusqTSLPGhIU+0Ak28QvKm/
gyUwgFC0aR5BWQFEAkIv0ftde8j7eAQAoAB8KuPNxxO7hDwd396y2u3f9QdE83Fy
qSBtrCqlgXurkkQEKz3xzoYX7UjIkZpothy0IcnHINoAsaSDaTTMX8CmQyzWsMl3
nwNjf2ETFyDRuDdXqANrF7/idNknx0aUz70MfrfBjjD9yNw5CFcsKI7tvE5O2bVk
X2Y/76F6KQg=
=6Acw
-----END PGP PRIVATE KEY BLOCK-----