This PR fixes inconsistencies in RawV2 secret formatting across multiple detectors and improves request handling in Stripe analyzers.

[Devang-Solanki]

Description:

This PR fixes inconsistencies in RawV2 secret formatting across multiple detectors and improves request handling in Stripe analyzers.

🔐 RawV2 consistency fixes

• Standardized RawV2 format to key:<identifier/secret/domain> instead of direct concatenation:

  • GitLab (v1, v2, v3)
  • Shopify
  • Twilio

• Ensures uniform secret representation for downstream processing and matching.

💳 Stripe analyzer improvements

• Updated Stripe analyzers to:

  • Pass secret keys explicitly instead of headers
  • Use Basic Auth consistently for validation requests
  • Add query parameters (limit=3) when checking permissions

• Fixed request construction and aligned behavior between analyzer and detector implementations.

---

✅ Impact

• More accurate secret detection metadata
• Safer and more reliable Stripe key validation
• Improved consistency across detector outputs

---

Checklist:

• [] Tests passing (make test-community)? - Yes
• Lint passing (make lint this requires golangci-lint)?

[CLAassistant]

All committers have signed the CLA.

[kashifkhan0771]

Hi @Devang-Solanki, thanks for the work you’ve put into this. Unfortunately, we don’t want to change the Raw or RawV2 value formats. Trufflehog treats these fields as identifiers rather than secret holders, and changing them would require migrating a large amount of existing data. The detectors affected by this change are also among our most widely used.

We also prefer to keep unrelated changes in separate PRs. If you could split out the Stripe analyzer changes into separate PR, we’d be happy to review those.

As for the RawV2 changes, I’m afraid we won’t be able to merge them. We appreciate the effort you’ve put in.