Skip to main content

Supported Patterns

Everything Takumo can detect and tokenize.
All credentials on this page are fake examples. AWS keys use AWS’s official example format. Never use real credentials in documentation.

Cloud Providers

AWS

PatternFormatCategory
Access Key IDAKIA + 16 alphanumericKEY
Secret Access Key40 characters, base64-ishSECRET
Session TokenFwoGZXIvYXdz...TOKEN
// Detected
const accessKey = "AKIAIOSFODNN7EXAMPLE";
const secretKey = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY";

Google Cloud

PatternFormatCategory
API KeyAIza + 35 charactersKEY
Service Account KeyJSON with private_key fieldSECRET

Azure

PatternFormatCategory
Connection StringDefaultEndpointsProtocol=...CONN
Storage Account KeyBase64, ~88 charactersKEY

Payment Providers

Stripe

PatternFormatCategory
Secret Keysk_live_ or sk_test_ + IDKEY
Publishable Keypk_live_ or pk_test_ + IDKEY
Webhook Secretwhsec_ + IDSECRET
Restricted Keyrk_live_ + IDKEY
// All detected (example values)
const stripe = {
  secret: "sk_test_EXAMPLEKEY123456789...",
  publishable: "pk_test_EXAMPLEKEY123456789...",
  webhook: "whsec_EXAMPLEWEBHOOK123..."
};

Developer Tools

GitHub

PatternFormatCategory
Personal Access Tokenghp_ + 36 alphanumericTOKEN
OAuth Access Tokengho_ + 36 alphanumericTOKEN
App Tokenghu_ / ghs_ / ghr_ + IDTOKEN
Fine-grained PATgithub_pat_ + IDTOKEN

GitLab

PatternFormatCategory
Personal Access Tokenglpat- + 20 charactersTOKEN
Pipeline Tokenglptt- + IDTOKEN

npm

PatternFormatCategory
Auth Tokennpm_ + 36 charactersTOKEN

Communication

Slack

PatternFormatCategory
Bot Tokenxoxb- + IDsTOKEN
User Tokenxoxp- + IDsTOKEN
App Tokenxapp- + IDsTOKEN
Webhook URLhooks.slack.com/services/...URL

Discord

PatternFormatCategory
Bot TokenBase64 user ID + timestamp + HMACTOKEN
Webhook URLdiscord.com/api/webhooks/...URL

Twilio

PatternFormatCategory
Account SIDAC + 32 hex charactersKEY
Auth Token32 hex charactersSECRET

SendGrid

PatternFormatCategory
API KeySG. + base64KEY

Databases

Connection Strings

DatabaseFormatCategory
PostgreSQLpostgres://user:pass@host:5432/dbCONN
MySQLmysql://user:pass@host:3306/dbCONN
MongoDBmongodb://user:pass@host:27017/dbCONN
MongoDB+SRVmongodb+srv://user:pass@cluster/dbCONN
Redisredis://user:pass@host:6379CONN
SQL ServerServer=...;Password=...CONN
// All detected (example values)
const dbs = {
  pg: "postgres://admin:examplepass@db.internal:5432/app",
  mongo: "mongodb+srv://user:examplepass@cluster.example.net/db",
  redis: "redis://:examplepass@cache.internal:6379"
};

Authentication

JWT

PatternFormatCategory
JSON Web TokeneyJ + base64 + . + base64 + . + signatureTOKEN
// Detected (this is the standard example JWT from jwt.io - not a real token)
const jwt = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.dozjgNryP4J3jVmNHl0w5N_XgL0n3I9PlFUP0THsR8U";

Generic Auth

ContextExamplesCategory
Bearer tokensAuthorization: Bearer ...TOKEN
Basic authAuthorization: Basic ...SECRET

Cryptographic Keys

TypeHeaderCategory
RSA Private Key-----BEGIN RSA PRIVATE KEY-----SECRET
EC Private Key-----BEGIN EC PRIVATE KEY-----SECRET
OpenSSH Private Key-----BEGIN OPENSSH PRIVATE KEY-----SECRET
Generic Private Key-----BEGIN PRIVATE KEY-----SECRET
PGP Private Key-----BEGIN PGP PRIVATE KEY BLOCK-----SECRET

Infrastructure

Internal Hostnames

PatternExamplesCategory
.internal domainsdb.internal, api.prod.internalHOST
.local domainsserver.localHOST
.corp domainsldap.corp.company.comHOST
Private hostnamesprod-db-01, api-server-2HOST

Private IPs

RangeExamplesCategory
Class A10.0.0.1, 10.255.255.255HOST
Class B172.16.0.1 - 172.31.255.255HOST
Class C192.168.0.1, 192.168.255.255HOST
Localhost127.0.0.1HOST

Generic Detection

Variable Names

Secrets assigned to suspicious variable names: 
// All detected
const password = "secret123";
const db_password = "secret123";
const PASSWORD = "secret123";
const userPassword = "secret123";
const api_key = "abc123";
const apiSecret = "xyz789";

// NOT detected (not suspicious names)
const username = "admin";
const greeting = "hello";
const count = 42;

Config Files

In .env, YAML, JSON, TOML files, values for sensitive keys: 
# config.yaml - all detected
database:
  password: "secret123"     # Detected (key is "password")
  secret: "abc123"          # Detected (key is "secret")
  api_key: "xyz789"         # Detected (key is "api_key")

  host: "localhost"         # NOT detected
  port: 5432                # NOT detected
  name: "myapp"             # NOT detected

# .env - all detected
DATABASE_PASSWORD=secret123
API_KEY=abc123
JWT_SECRET=xyz789

# NOT detected
NODE_ENV=production
PORT=3000
DEBUG=true

Missing a pattern?

If Takumo misses something it should catch:
  1. Open an issue
  2. Include an example (redact the actual secret!)
  3. Link to docs about the format if available
We’ll add it.