
Detect privy.io app ids and secrets

Open mbp-stripe opened this issue 2 weeks ago • 0 comments


Description

Privy.io (a Stripe business) runs a SaaS for managing blockchain wallets.

One important method for authenticating to the management API is to pass an app ID and app secret: https://docs.privy.io/api-reference/introduction#authentication in the HTTP Authorization header, analogous to many other APIs that accept bearer auth.

Preferred Solution

Search for a Privy app id and secret. If found, validate them against a readonly API method such as https://docs.privy.io/api-reference/wallets/get-all.

The app id is 24 bytes of base64, unfortunately currently not tagged with a prefix.

The app secret for recently generated secrets begins with privy_app_secret_ followed by base64.

You can create a free account at privy.io to make test credentials.


mbp-stripe, Dec 05 '25 23:12
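
The search step requested in the issue, as an added Go example that is not TruffleHog's own detector code or API: it finds `privy_app_secret_` tokens and pairs them with plausible unprefixed app ids, leaving out the live validation call. Assumptions: "24 bytes of base64" means a 24-character token over the standard or URL-safe alphabet, a secret body is at least 20 characters, and an app id must share a line with the word "privy" and contain a digit; the names `FindPrivyCandidates` and `Candidate` are hypothetical.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

const secretPrefix = "privy_app_secret_" // prefix stated in the issue
// Assumption: "base64" covers both the standard and URL-safe alphabets.
var tokenRe = regexp.MustCompile(`[A-Za-z0-9+/_-]+`)
var hasDigit = regexp.MustCompile(`[0-9]`)

// Candidate is an unverified app id / app secret pairing (hypothetical type).
type Candidate struct{ AppID, Secret string }

// FindPrivyCandidates pairs every prefixed secret with every plausible app id.
func FindPrivyCandidates(text string) []Candidate {
	var ids, secrets []string
	for _, line := range strings.Split(text, "\n") {
		nearKeyword := strings.Contains(strings.ToLower(line), "privy")
		for _, tok := range tokenRe.FindAllString(line, -1) {
			switch {
			case strings.HasPrefix(tok, secretPrefix):
				// Assumption: a real secret body is at least 20 characters.
				if len(tok)-len(secretPrefix) >= 20 {
					secrets = append(secrets, tok)
				}
			case len(tok) == 24 && nearKeyword && hasDigit.MatchString(tok):
				// The digit rule skips 24-character names like NEXT_PUBLIC_PRIVY_APP_ID.
				ids = append(ids, tok)
			}
		}
	}
	var out []Candidate
	for _, s := range secrets {
		for _, id := range ids {
			out = append(out, Candidate{AppID: id, Secret: s})
		}
	}
	return out
}

// Constructed sample input, not real credentials.
const sample = `NEXT_PUBLIC_PRIVY_APP_ID=cm4xq9examplefakeid00001
SESSION_KEY=zz11yy22xx33ww44vv55uu66
PRIVY_APP_SECRET=privy_app_secret_FAKEfakeFAKEfake0123456789ab`

func main() {
	fmt.Println(FindPrivyCandidates(sample))
}
```

Because the app id has no prefix, every pair this returns is only a candidate until it is confirmed against a read-only API method, as the issue proposes.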