
No detector for 84-character Azure OpenAI secret keys

Open vib5meesho opened this issue 2 months ago • 1 comments

TruffleHog Version

trufflehog 3.90.3

Trace Output

No trace output as it failed to detect the secret

Expected Behavior

Should detect the Azure OpenAI Secret and verify it. For that we will need to modify/create the detector.

Actual Behavior

Did not detect the Azure OpenAI Secret

Steps to Reproduce

  1. Create an Azure OpenAI Secret Key
  2. Put it in a file and configure a pre-commit setup
repos:
  - repo: local
    hooks:
      - id: trufflehog
        name: TruffleHog
        description: Detect secrets in your data.
        entry: bash -c 'trufflehog git file://. --log-level=5 --results=verified,unverified,unknown --fail'
        language: system
        stages: ["pre-commit", "pre-push"]
  3. Stage the file with the Secret and the Azure URL
  4. Now try to commit the file
  5. The pre-commit setup misses the secret because it does not have a detector for it. The current detector at azure_openai.go uses a regex that only supports API keys of 32 characters in length. However, the API key I have is 84 characters long.

Example

  • URL = https://{your-service}.azure.com/openai/deployments/gpt-4o-mini/chat/completions?api-version=2025-01-01-preview
  • SECRET = uQ9XsjB7aM2eVt5rL1pZcW6yGk4nF8oHd3RzXaYbT7vUjKmQeP5fNwL9oS2tH1rJ3pZasdasdasdasdasdaa (This is not a valid secret)

Environment

  • OS: macOS
  • Version 15.5

Additional Context

Current Detector -> https://github.com/trufflesecurity/trufflehog/blob/main/pkg/detectors/azure_openai/azure_openai.go

The curl command I used to verify whether the secret is working or not ->

curl -X POST "https://{your-service}.openai.azure.com/openai/deployments/gpt-4o-mini/chat/completions?api-version=2025-01-01-preview" \
  -H "Content-Type: application/json" \
  -H "api-key: uQ9XsjB7aM2eVt5rL1pZcW6yGk4nF8oHd3RzXaYbT7vUjKmQeP5fNwL9oS2tH1rJ3pZasdasdasdasdasdaa" \
  -d '{
        "messages": [
          {"role": "system", "content": "You are a test assistant."},
          {"role": "user", "content": "Hello"}
        ],
        "max_tokens": 500
      }'

vib5meesho, Aug 12 '25 15:08
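The length mismatch reported above, as an added Go example that is not part of the original post and not TruffleHog's own code. All three patterns are hypothetical, the alphanumeric character class is an assumption taken from the placeholder key in the issue, and `key32` is a constructed sample.

```go
package main

import (
	"fmt"
	"regexp"
)

// Hypothetical patterns for illustration; none is copied from azure_openai.go.
var (
	// Fixed length with word boundaries: an 84-character key yields no candidate.
	fixed32 = regexp.MustCompile(`\b[A-Za-z0-9]{32}\b`)
	// Dropping the boundaries is not a fix: it emits 32-character slices of the
	// longer key, which could never pass verification.
	unanchored32 = regexp.MustCompile(`[A-Za-z0-9]{32}`)
	// Assumed widened form: accept either length, still bounded on both sides.
	widened = regexp.MustCompile(`\b(?:[A-Za-z0-9]{84}|[A-Za-z0-9]{32})\b`)
)

const (
	// Placeholder key from the issue (stated there to be invalid).
	key84 = "uQ9XsjB7aM2eVt5rL1pZcW6yGk4nF8oHd3RzXaYbT7vUjKmQeP5fNwL9oS2tH1rJ3pZasdasdasdasdasdaa"
	// Constructed 32-character sample, not a real key.
	key32 = "0123456789abcdef0123456789abcdef"
)

// candidates returns every non-overlapping match of re in text.
func candidates(re *regexp.Regexp, text string) []string {
	return re.FindAllString(text, -1)
}

func main() {
	long := "api-key: " + key84
	short := "api-key: " + key32

	fmt.Println("fixed32 on 84-char key:     ", len(candidates(fixed32, long)), "candidates")
	for _, c := range candidates(unanchored32, long) {
		fmt.Println("unanchored32 fragment:      ", c)
	}
	fmt.Println("widened on 84-char key:     ", candidates(widened, long))
	fmt.Println("widened on 32-char key:     ", candidates(widened, short))
}
```
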