[allowlist]
  description = "Test and example keys and passwords that should not be reported as leaks"
  regexes = [
      '''AKIAIOSFODNN7EXAMPLE''',  # example AWS access key ID in README
      '''wJalrXUtnFEMI\/K7MDENG\/bPxRfiCYEXAMPLEKEY''',  # example AWS secret access key in README
  ]
  paths = [
  ]

[[rules]]
  id = "generic-api-key"
  description = "Generic API Key"
  regex = '''(?i)(api[_-]?key|apikey|secret|password|token|key|auth[_-]?token|access[_-]?token|private[_-]?key)['"`]?\s*[:=]\s*['"`]?[a-zA-Z0-9\-_]{8,64}['"`]?'''
  tags = ["key", "generic", "api"]

[[rules]]
  id = "aws-access-key-id"
  description = "AWS Access Key ID"
  regex = '''AKIA[0-9A-Z]{16}'''
  tags = ["key", "AWS"]

[[rules]]
  id = "aws-secret-access-key"
  description = "AWS Secret Access Key"
  regex = '''(?i)aws[_-]?secret[_-]?access[_-]?key['"`]?\s*[:=]\s*['"`]?[A-Za-z0-9/+=]{40}['"`]?'''
  tags = ["key", "AWS"]

[[rules]]
  id = "private-key"
  description = "Private Key"
  regex = '''-----BEGIN[^-]+PRIVATE KEY-----'''
  tags = ["key", "private"]

[[rules]]
  id = "ssh-private-key"
  description = "SSH Private Key"
  regex = '''-----BEGIN OPENSSH PRIVATE KEY-----'''
  tags = ["key", "SSH", "private"]