Skip to content

Commit aaeb24d

Browse files
koki-developclaude
koki-develop
and
claude
committed
feat(masker): add support for Anthropic, OpenAI, and Supabase API keys
Add new patterns to --mask-secrets for masking: - Anthropic API Keys (sk-ant-...) - OpenAI API Keys (sk-... and sk-proj-...) - Supabase Secret Keys (sb_secret_...) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]>
1 parent 4ec2f42 commit aaeb24d

File tree

3 files changed

+29
-0
lines changed

3 files changed

+29
-0
lines changed

README.md

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -112,6 +112,9 @@ Supported patterns:
112112
- GitHub Tokens (`ghp_`, `gho_`, `ghs_`, `ghr_`)
113113
- GitLab Personal Access Tokens
114114
- Slack Tokens
115+
- Anthropic API Keys
116+
- OpenAI API Keys
117+
- Supabase Secret Keys
115118
- JWT Tokens
116119
- Private Key Headers
117120

internal/masker/masker.go

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,12 @@ var patterns = []*regexp.Regexp{
1414
regexp.MustCompile(`glpat-[a-zA-Z0-9\-_]{20,}`),
1515
// Slack Tokens
1616
regexp.MustCompile(`xox[baprs]-[0-9a-zA-Z\-]+`),
17+
// Anthropic API Key (must be before OpenAI to avoid false matches)
18+
regexp.MustCompile(`sk-ant-[a-zA-Z0-9\-_]+`),
19+
// OpenAI API Key (both legacy sk- and new sk-proj- formats)
20+
regexp.MustCompile(`sk-(?:proj-)?[a-zA-Z0-9_\-]{20,}`),
21+
// Supabase Secret Key
22+
regexp.MustCompile(`sb_secret_[a-zA-Z0-9\-_]+`),
1723
// JWT Tokens
1824
regexp.MustCompile(`eyJ[a-zA-Z0-9_-]*\.eyJ[a-zA-Z0-9_-]*\.[a-zA-Z0-9_-]*`),
1925
// Private Key Headers

internal/masker/masker_test.go

Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -38,6 +38,26 @@ func TestMask(t *testing.T) {
3838
input: "SLACK_TOKEN=xoxb-123456789-abcdefgh",
3939
want: "SLACK_TOKEN=" + strings.Repeat("*", 23),
4040
},
41+
{
42+
name: "Anthropic API Key",
43+
input: "ANTHROPIC_API_KEY=sk-ant-api03-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
44+
want: "ANTHROPIC_API_KEY=" + strings.Repeat("*", 57),
45+
},
46+
{
47+
name: "OpenAI API Key (legacy)",
48+
input: "OPENAI_API_KEY=sk-1234567890_abcdef-1234567890_abcdef-1234567890",
49+
want: "OPENAI_API_KEY=" + strings.Repeat("*", 49),
50+
},
51+
{
52+
name: "OpenAI API Key (project)",
53+
input: "OPENAI_API_KEY=sk-proj-abcd_1234-efgh_5678-ijkl_9012-mnop",
54+
want: "OPENAI_API_KEY=" + strings.Repeat("*", 42),
55+
},
56+
{
57+
name: "Supabase Secret Key",
58+
input: "SUPABASE_KEY=sb_secret_1234567890abcdef1234567890abcdef",
59+
want: "SUPABASE_KEY=" + strings.Repeat("*", 42),
60+
},
4161
{
4262
name: "JWT Token",
4363
input: "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.dozjgNryP4J3jVmNHl0w5N_XgL0n3I9PlFUP0THsR8U",

0 commit comments

Comments
 (0)