Searching GitHub for OpenAI API Keys
OpenAI API keys are in the format
sk-<40 case-sensitive alphanumeric characters>
A simple regular expression for this would be
/sk-[a-zA-Z0-9]{40,}/
i.e., match any string that starts with “sk-” followed by at least 40 alphanumeric characters.
GitHub allows regular expression search, but note that if the search is too expensive you’ll get a 5XX
response.
I noticed that limiting it to the start of a line, i.e., /^sk-[a-zA-Z0-9]{40,}/,
yields results.
Click here to search for OpenAI API keys
Right now it should return a few results. A few thoughts:
- I’m not sure if GitHub is sending alerts for API keys being committed to codebases. They absolutely should if they’re not.
- OpenAI should allow permission scoping of API keys
- Limiting API keys based on IP CIDR ranges would also be useful
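As an added example (not part of the original post): a local scan that applies the pattern above to your own files so a key is caught before it is committed. It also shows that the start-of-line variant misses keys embedded in assignments. The lookbehind, the redaction format and the sample text are assumptions of this example, and the sample key is constructed.

```python
import re

# Pattern from the post, plus a lookbehind (an addition) so that
# identifiers such as "task-..." do not match from their "sk-" tail.
KEY_RE = re.compile(r"(?<![A-Za-z0-9])sk-[A-Za-z0-9]{40,}")
# The start-of-line variant from the post, for comparison.
ANCHORED_RE = re.compile(r"^sk-[A-Za-z0-9]{40,}", re.MULTILINE)


def redact(key):
    """Keep enough of the key to identify it without printing the secret."""
    return f"{key[:6]}...[{len(key)} chars]"


def scan_text(text, pattern=KEY_RE):
    """Return (line_number, redacted_key) for every match in text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in pattern.finditer(line):
            findings.append((lineno, redact(match.group(0))))
    return findings


# Constructed sample: the key is fake and built at runtime.
FAKE_KEY = "sk-" + "x1Y2" * 10
SAMPLE = "\n".join([
    FAKE_KEY,                          # bare key at start of line
    f'OPENAI_API_KEY = "{FAKE_KEY}"',  # key inside an assignment
    "task-" + "a" * 40,                # not a key: "sk-" is mid-word
    "sk-tooshort",                     # not a key: under 40 characters
])

if __name__ == "__main__":
    for lineno, key in scan_text(SAMPLE):
        print(f"line {lineno}: possible OpenAI API key {key}")
```

Run against staged files in a pre-commit hook, a non-empty result from `scan_text` is the signal to block the commit and rotate the key.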
Fin.