feat: add more rules

pkg/rules/adafruit.yaml

@@ -0,0 +1,27 @@
+rules:
+  - name: Adafruit API Key
+    id: ghost.adafruit.1
+    description: Adafruit API key.
+    tags:
+      - api
+      - adafruit
+    pattern: |
+      (?x)
+        \b
+          (aio_(?i)[A-Z0-9]{28})
+        \b
+    entropy: 4.1
+    redact: [8, 4]
+    tests:
+      assert:
+        - aio_vUNz42yN0X3PIlLUJOgt4xKV2cw6
+        - aio_JrVD04gaKJEC8U1Yg42GHJhqjXp1
+        - aio_KsTE15hbLKFD9V2Zh53HIKirkYq2
+      assert_not:
+        - aio_vUNz42yN0X3PIlLUJOgt4xKV2cw6x
+        - aio_JrVD04gaKJEC8U1Yg42GHJhqjXp
+        - aio_KsTE15hbLKFD9%2Zh53HIKirkYq2
+    history:
+      - 2026-04-07 initial version
+    refs:
+      - https://io.adafruit.com/api/

pkg/rules/aws.yaml

@@ -21,13 +21,13 @@ rules:
         - 'export AWS_SECRET_ACCESS_KEY="qDhThtrkeMhCoOZA+vm4ykuE4AdyZpbGhL1QYwvl"'
         - 'export AWS_SECRET_ACCESS_KEY="1GTdO8YGWxwngbmy6ayrPZ/pIlWV+0sE65Ikxyvu"'
         - 'const AWS_SECRET_ACCESS_KEY = "Mss7b8mKOD2inkntQg75H6FClnj+xAYKvO9HflVj"'
-        - 'export AWS_SECRET_ACCESS_KEY=Mss7b8mKOD2inkntQg75H6FClnj+xAYKvO9HflVj'
+        - "export AWS_SECRET_ACCESS_KEY=Mss7b8mKOD2inkntQg75H6FClnj+xAYKvO9HflVj"
       assert_not:
         - aws_secret_access_key_id=abc123
         - 'export AWS_SECRET_ACCESS_KEY="Mss7b8mKOD2inkntQg75H6FClnj+xAYKvO9HflVjxx"'
         - 'export AWS_SECRET_ACCESS_KEY="Mss7b8mKOD2inkntQg75H6FClnj+xAYKvO9HflV"'
         - 'AWS_SESSION_TOKEN="AQoDYXdzEHoaCXVzLWVhc3CIQCzOfn2RRDrFYRNqc9wWbvfIPwz"'
-        - 'AWS_SESSION_TOKEN=AQoDYXdzEHoaCXVzLWVhc3CIQCzOfn2RRDrFYRNqc9wWbvfIPwz'
+        - "AWS_SESSION_TOKEN=AQoDYXdzEHoaCXVzLWVhc3CIQCzOfn2RRDrFYRNqc9wWbvfIPwz"
     history:
       - 2025-08-07 initial version
     refs:
@@ -60,3 +60,85 @@ rules:
       - 2025-08-07 initial version
     refs:
       - https://medium.com/@TalBeerySec/revealing-the-inner-structure-of-aws-session-tokens-a6c76469cba7
+  - name: AWS Bedrock API Key
+    id: ghost.aws.3
+    description: AWS Bedrock API Key
+    tags:
+      - api
+      - aws
+      - bedrock
+    pattern: |
+      (?x)
+        \b
+          (ABSK(?i)[A-Z0-9]{110,112}={0,2})
+        \b
+    entropy: 4.7
+    redact: [8, 4]
+    tests:
+      assert:
+        - ABSKdGVzdDEtYXQtNzMwMzM1NjYzODY0OjRiZXRmTVBnYjhROGpTekNBRjJjb1hiOHVBRC9ncitHT1VMUjQzVGwzY09UV0RPNGlGb2dtbXpZQzBVPQ==
+        - ABSKdGVzdDErMS1hdC03MzAzMzU2NjM4NjQ6elpvTGlXQkdGOHQzUTM3SkJwWVB3dHpJdm1Qc1ZCZjdiMGlmbUFmTU9JVk5rR3h1Z00rc0lXYnBqUEE9
+        - ABSKdGVzdDEtYXQtNzMwMzM1NjYzODY0OlNXK3hjN3dsdWdjbDlDVE1qODRVRWllY3FlQ1VqL3c4TTQ3cktqWjd0Ym5SZDFVeTlkMk9PWDErVFhRPQ==
+      assert_not:
+        - ABSKdGVzdDEtYXQtNzMwMzM1NjYzODY0OjRiZXRmTVBnYjhROGpTekNBRjJjb1hiOHVBRC9ncitHT1VMUjQzVGwzY09UV0RPNGlGb2dtbXpZQzBVPQxxx==
+        - ABSKdGVzdDErMS1hdC03MzAzMzU2NjM4NjQ6elpvTGlXQkdGOHQzUTM3SkJwWVB3dHpJdm1Qc1ZCZjdiMGlmbUFmTU9JVk5rR3h1Z00rc0lXYn
+        - ABSKdGVzdDEtYXQtNzMwMzM1NjYzODY%OlNXK3hjN3dsdWdjbDlDVE1qODRVRWllY3FlQ1VqL3c4TTQ3cktqWjd0Ym5SZDFVeTlkMk9PWDErVFhRPQ==
+    history:
+      - 2026-04-07 initial version
+    refs:
+      - https://docs.aws.amazon.com/bedrock/latest/userguide/api-keys.html
+  - name: AWS CloudWatch Logs API Key
+    id: ghost.aws.4
+    description: AWS CloudWatch Logs API Key
+    tags:
+      - api
+      - aws
+      - cloudwatch
+      - logs
+    pattern: |
+      (?x)
+        \b
+          (ACWL(?i)[A-Z0-9]{110,112}={0,2})
+        \b
+    entropy: 4.7
+    redact: [8, 4]
+    tests:
+      assert:
+        - ACWLdGVzdDEtYXQtNzMwMzM1NjYzODY0OmF1dkUrMHVmUElKdysyQjF6aDYrN0NQMEFYekJmRlJ4RXpnVnlSZzAwcGJNNnlzWkx1OWhHZHEwYjNJPQ==
+        - ACWLdGVzdDErMS1hdC03MzAzMzU2NjM4NjQ6L3krNytYYmp4RnRkdDY2c2FQZG5sMWc4RDhrNHA1VGQ5NGNVOEVvb2VjS3NmczhGWThhTUc2QVprdEE9
+        - ACWLdGVzdDErMi1hdC03MzAzMzU2NjM4NjQ6WHp1ME8zdEFFWWx2cmNwODFMbmhISDl1QThCOThXaGp3OW1kTU5vWU9TbmpNWThGeWN1MlRwTXJJM2M9
+      assert_not:
+        - ACWLdGVzdDEtYXQtNzMwMzM1NjYzODY0OmF1dkUrMHVmUElKdysyQjF6aDYrN0NQMEFYekJmRlJ4RXpnVnlSZzAwcGJNNnlzWkx1OWhHZHEwYjNJPQxxx==
+        - ACWLdGVzdDErMS1hdC03MzAzMzU2NjM4NjQ6L3krNytYYmp4RnRkdDY2c2FQZG5sMWc4RDhrNHA1VGQ5NGNVOEVvb2VjS3NmczhGWThhTUc2
+        - ACWLdGVzdDErMi1hdC03MzAzMzU2NjM4NjQ6WH%1ME8zdEFFWWx2cmNwODFMbmhISDl1QThCOThXaGp3OW1kTU5vWU9TbmpNWThGeWN1MlRwTXJJM2M9
+    history:
+      - 2026-04-07 initial version
+    refs:
+      - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_bedrock_cloudwatchlogs.html
+  - name: AWS Mantle API Key
+    id: ghost.aws.5
+    description: AWS Mantle API Key
+    tags:
+      - api
+      - aws
+      - mantle
+    pattern: |
+      (?x)
+        \b
+          (AEAA(?i)[A-Z0-9]{110,112}={0,2})
+        \b
+    entropy: 4.7
+    redact: [8, 4]
+    tests:
+      assert:
+        - AEAAdGVzdDEtYXQtNzMwMzM1NjYzODY0OkVUNXBxY3JrNjVvZUxxQXV0YU5VQlp3bWVRMW9GdXY3Uyt2bkRmWm9XL0VoMTlHQXZnTWtrUWxNOGtNPQ==
+        - AEAAdGVzdDErMS1hdC03MzAzMzU2NjM4NjQ6MmZPMjVYSm9ob3FERUo5YU1CRXE3VjhULzlLNlVZQmdWNjlnemdlbGlVTVZndzh5YStvUzNxckpXWUk9
+        - AEAAdGVzdDEtYXQtNzMwMzM1NjYzODY0OnBSejFIL2RicE94aWYvR2s2VzVYYmg0YTlDeGwzN0hhNkM2cWkyU2RCYUJndWY1dFVEL0c4TUlnSUg0PQ==
+      assert_not:
+        - AEAAdGVzdDEtYXQtNzMwMzM1NjYzODY0OkVUNXBxY3JrNjVvZUxxQXV0YU5VQlp3bWVRMW9GdXY3Uyt2bkRmWm9XL0VoMTlHQXZnTWtrUWxNOGtNPQxxx==
+        - AEAAdGVzdDErMS1hdC03MzAzMzU2NjM4NjQ6MmZPMjVYSm9ob3FERUo5YU1CRXE3VjhULzlLNlVZQmdWNjlnemdlbGlVTVZndzh5YStvUz
+        - AEAAdGVzdDEtYXQtNzMwMzM1NjYzODY0OnBSejFIL2RicE%4aWYvR2s2VzVYYmg0YTlDeGwzN0hhNkM2cWkyU2RCYUJndWY1dFVEL0c4TUlnSUg0PQ==
+    history:
+      - 2026-04-07 initial version
+    refs:
+      - https://docs.aws.amazon.com/bedrock/latest/userguide/api-keys-generate.html

pkg/rules/cloudflare.yaml

@@ -1,7 +1,7 @@
 rules:
   - name: Cloudflare API Key
     id: ghost.cloudflare.1
-    description: Cloudflare API key.
+    description: Cloudflare Legacy API key.
     tags:
       - api
       - cloudflare
@@ -16,12 +16,40 @@ rules:
     redact: [4, 4]
     tests:
       assert:
-        - 'export CLOUDFLARE_API_KEY=LZ16Lc034UX_CVz6n0dLKMcSicjYBWKVKvHiL3FQ'
-        - 'export CLOUDFLARE_KEY=T6n_WTtEMYCCMn_SyYg-gaYGSXQAcyyhttLHJ4OV'
-        - 'export CLOUDFLARE_TOKEN=X45xjDWKQt3wbgVJ5u90yiriCOykOap1khf9L16g'
+        - "export CLOUDFLARE_API_KEY=LZ16Lc034UX_CVz6n0dLKMcSicjYBWKVKvHiL3FQ"
+        - "export CLOUDFLARE_KEY=T6n_WTtEMYCCMn_SyYg-gaYGSXQAcyyhttLHJ4OV"
+        - "export CLOUDFLARE_TOKEN=X45xjDWKQt3wbgVJ5u90yiriCOykOap1khf9L16g"
       assert_not:
-        - 'CLOUDFLARE_API_KEY=1234567890123456789012345'
+        - "CLOUDFLARE_API_KEY=1234567890123456789012345"
     history:
       - 2025-08-12 initial version
     refs:
       - https://developers.cloudflare.com/api/keys/
+  - name: Cloudflare API Token
+    id: ghost.cloudflare.2
+    description: Cloudflare API Token
+    tags:
+      - api
+      - cloudflare
+    pattern: |
+      (?x)
+        \b
+          (cfat_(?i)[A-Z0-9]{48})
+        \b
+    entropy: 4.5
+    redact: [8, 4]
+    tests:
+      assert:
+        - cfat_UB0MfOlxpFgubYq2dC5IHsEEqrzIrfRFMYxCMQ0Z40aa7eda
+        - cfat_ZWxJwxygFEfd2FCJ5slUVbObT30TEJGDqsXMRjjXae4b8856
+        - cfat_8toU86YGBaJRm2LiePgdL7WhJGX8XYDSdJlN18hKde12870e
+        - cfat_hP1JZqIhfQcXHlHtLOJdtOZoGL8IJow1cjfRHgaU071eccaa
+        - cfat_sl5NHodTTUKmsyHJ7ggw7fNckDW6cQqcO3jPcpXZ8e5f938c
+      assert_not:
+        - cfat-8toU86YGBaJRm2LiePgdL7WhJGX8XYDSdJlN18hKde12870e
+        - cfat_hP1JZqIhfQcXHlHtLOJdtOZoGL8IJow1cjfRHgaU071eccaax
+        - cfat_sl5NHodTTUKmsyHJ7ggw7fNckDW6cQqcO3jPcpXZ8e5f938
+    history:
+      - 2026-04-07 initial version
+    refs:
+      - https://developers.cloudflare.com/fundamentals/api/get-started/create-token/

pkg/rules/figma.yaml

@@ -0,0 +1,28 @@
+rules:
+  - name: Figma PAT
+    id: ghost.figma.1
+    description: Figma Personal Access Token
+    tags:
+      - api
+      - figma
+      - pat
+    pattern: |
+      (?x)
+        \b
+          (figd_(?i)[A-Z0-9_-]{40})
+        \b
+    entropy: 4.5
+    redact: [8, 4]
+    tests:
+      assert:
+        - figd_3N1VI0Ha_uwiJ5PKUtgA7wgmEkOle-nf3ttktnNp
+        - figd_XRPmuSnRfDu2ZT3KVmgJETJws75rDDD9qezI1LNk
+        - figd_znvr_DUZeLOJxhRKW1G5TRdSTZjD0iPMv-1Sju3c
+      assert_not:
+        - figd-3N1VI0Ha_uwiJ5PKUtgA7wgmEkOle-nf3ttktnNp
+        - figd_XRPmuSnRfDu2ZT3KVmgJETJws75rDDD9qezI1LNkX
+        - figd_znvr_DUZeLOJxhRKW1G5TRdSTZjD0iPMv-1Sju3
+    history:
+      - 2026-04-07 initial version
+    refs:
+      - https://help.figma.com/hc/en-us/articles/8085703771159-Manage-personal-access-tokens

pkg/rules/grafana.yaml

@@ -0,0 +1,28 @@
+rules:
+  - name: Grafana Service Account Token
+    id: ghost.grafana.1
+    description: Grafana Service Account token.
+    tags:
+      - api
+      - grafana
+    pattern: |
+      (?x)
+        \b
+          (glsa_(?i)[a-z0-9]{32}_[a-f0-9]{8})
+        \b
+    entropy: 4.5
+    redact: [8, 4]
+    tests:
+      assert:
+        - glsa_03XVEFyrK28hSv4t7n3k2MLxTD7VHW03_a7bfd9a6
+        - glsa_z6QUYEllV4qeToSBaBwZwhVgpiUJ0p3d_256a49e4
+        - glsa_C2mMRokbTwC22X7f7knWqp3f1vnTKaDE_2e76d2d1
+      assert_not:
+        - glsa_03XVEFyrK28hSv4t7n3k2MLxTD7VHW03_a7bfd9a6b
+        - glsa_z6QUYEllV4qeToSBaBwZwhVgpiUJ0p3db_256a49e4
+        - glsa_C2mMRokbTwC22X7f7knWqp3f1vnTKaD_2e76d2d1
+        - glsa_C2mMRokbTwC22X7f7knWqp3f1vnTKaDE_2e76d2x1
+    history:
+      - 2026-04-07 initial version
+    refs:
+      - https://grafana.com/docs/grafana-cloud/developer-resources/api-reference/http-api/examples/create-api-tokens-for-org/

pkg/rules/langfuse.yaml

@@ -0,0 +1,27 @@
+rules:
+  - name: Langfuse Secret Key
+    id: ghost.langfuse.1
+    description: Langfuse Secret Key.
+    tags:
+      - api
+      - langfuse
+    pattern: |
+      (?x)
+        \b
+          (sk-lf-(?i)[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})
+        \b
+    entropy: 3.5
+    redact: [10, 4]
+    tests:
+      assert:
+        - sk-lf-01bba4f0-9594-54db-9c74-b8a8697fbfdc
+        - sk-lf-301fbb40-4c9d-5505-9bac-d464d786994e
+        - sk-lf-35fb6929-95ac-4b29-9143-aab8bd65f7ec
+      assert_not:
+        - sk-lf-01bba4f0-9594-54db-9c74-b8a8697fbfdcb
+        - sk-lf-301fbb40-4c9d-5505-9bac-d464d786994x
+        - sk-lf-35fb6929-95ac-4b29-9143-aab8bd65f7e
+    history:
+      - 2026-04-07 initial version
+    refs:
+      - https://langfuse.com/docs/api-and-data-platform/features/public-api

pkg/rules/logfire.yaml

@@ -0,0 +1,28 @@
+rules:
+  - name: Logfire API Key
+    id: ghost.logfire.1
+    description: Logfire API key.
+    tags:
+      - api
+      - logfire
+    pattern: |
+      (?x)
+        \b
+          (pylf_v\d_[a-z]{2}_(?i)[a-f0-9]{8}-(?:[a-f0-9]{4}-){3}[a-f0-9]{12}_[a-z0-9]{44})
+        \b
+    entropy: 4.7
+    redact: [8, 4]
+    tests:
+      assert:
+        - pylf_v2_us_fcc783e6-5131-4167-9e77-04024f9cc54c_x8PhY6Vj6NNbrRRHP7wSQpJC0Bk0RmNDKPWcmzb6Np1B
+        - pylf_v2_us_5d315215-71f5-473e-9fd7-927d9fe661aa_MnygjlXcNnxzq4TW8p0MN7fkhCWDCRqcVZfk4kBNPcLv
+        - pylf_v2_eu_0d877f16-b7a7-49d9-98d5-625b22d67f39_j8dk0mvKQz9brpBGlg2Y7Gxzzxmq1x3TYDPc1z0zjYZg
+      assert_not:
+        - pylf_v1_us_fcc783e6-5131-4167-9e77-04024f9cc54c_x8PhY6Vj6NNbrRRHP7wSQpJC0Bk0RmNDKPWcmzb6Np1Bx
+        - pylf_v2_eu_5d315215-71f5-473e-9fd7-927d9fe661aa_MnygjlXcNnxz%4TW8p0MN7fkhCWDCRqcVZfk4kBNPcLv
+        - pylf_v3_us_0d877f16-b7a7-49d9-98d5-625b22d67f3_j8dk0mvKQz9brpBGlg2Y7Gxzzxmq1x3TYDPc1z0zjYZg
+        - pylf_v4_eu_0d877f16-b7a7-49d9-98z5-625b22d67f39_j8dk0mvKQz9brpBGlg2Y7Gxzzxmq1x3TYDPc1z0zjYZg
+    history:
+      - 2026-04-01 initial version
+    refs:
+      - https://pydantic.dev/docs/logfire/manage/use-api-keys/#creating-api-keys

pkg/rules/pinecone.yaml

@@ -0,0 +1,28 @@
+rules:
+  - name: Pinecode API Key
+    id: ghost.pinecone.1
+    description: Pinecone API key
+    tags:
+      - api
+      - pinecone
+    pattern: |
+      (?x)
+        \b
+          (pcsk_(?i)[A-Z0-9]{6}_[A-Z0-9]{63})
+        \b
+    entropy: 4.7
+    redact: [8, 4]
+    tests:
+      assert:
+        - pcsk_6XuBHw_PeUorjVwHfazjPneYWjxSTTwVYphk8BPcxuiYYfqCLuCeB8925kh8UDuefvSPum
+        - pcsk_2ubPgg_TXD3ShenTomniM5qvHFchivrsPL8mx3Ceev1pefzucxyQ45tFeMJ5YczwHRmryW
+        - pcsk_6kgeUp_7qEtJ3cKs2o7n4YP3ZEJdVjWJ8ZZbZBEnyLWCkUqrMQk9Bv6ybSkFNr5E5oGZsa
+      assert_not:
+        - pcsk_6XuBH_PeUorjVwHfazjPneYWjxSTTwVYphk8BPcxuiYYfqCLuCeB8925kh8UDuefvSPum
+        - pcsk_2ubPgg-TXD3ShenTomniM5qvHFchivrsPL8mx3Ceev1pefzucxyQ45tFeMJ5YczwHRmryW
+        - pcsk_6kgeUp_7qEtJ3cKs2o7n4YP3ZEJdVjWJ8ZZbZBEnyLWCkUqrMQk9Bv6ybSkFNr5E5oGZs
+        - pcsk_6kgeUp_7qEtJ3cKs2o7n4YP%ZEJdVjWJ8ZZbZBEnyLWCkUqrMQk9Bv6ybSkFNr5E5oGZsa
+    history:
+      - 2026-04-07 initial version
+    refs:
+      - https://docs.pinecone.io/guides/assistant/admin/manage-api-keys#create-an-api-key

pkg/rules/postman.yaml

@@ -0,0 +1,29 @@
+rules:
+  - name: Postman API Key
+    id: ghost.postman.1
+    description: Postman API key.
+    tags:
+      - api
+      - postman
+    pattern: |
+      (?x)
+        \b
+          (PMAK-(?i)[a-f0-9]{24}-[a-f0-9]{34})
+        \b
+    entropy: 3.5
+    redact: [7, 4]
+    tests:
+      assert:
+        - PMAK-69d5512421053c00018c509c-6c4ad64b57d61351461393c42ddeb35e69
+        - PMAK-69d5512421053c00018c509c-6cbf30b31c5fdf6e57c8f421992794a65c
+        - PMAK-69c10a2c3b438e00014203a4-8f29a7dbaaec42592ca806b16c7efd4276
+        - PMAK-69c10a402ce42a0001f82ebd-b77e7e91273742e6f661d614b06f42e553
+      assert_not:
+        - PMAK-69d5512421053c00018c509c-6c4ad64b57d61351461393c42ddeb35x69
+        - PMAK-69d5512421053c00018c509c-6cbf30b31c5fdf6e57c8f421992794a65ca
+        - PMAK-69c10a2c3b438e00014203a4-8f29a7dbaaec42592ca806b16c7efd427
+        - PMAK_69c10a402ce42a0001f82ebd_b77e7e91273742e6f661d614b06f42e553
+    history:
+      - 2026-04-07 initial version
+    refs:
+      - https://learning.postman.com/docs/developer/postman-api/authentication

pkg/rules/pubnub.yaml

@@ -0,0 +1,27 @@
+rules:
+  - name: Pubnub Secret Key
+    id: ghost.pubnub.1
+    description: Pubnub Secret key.
+    tags:
+      - api
+      - pubnub
+    pattern: |
+      (?x)
+        \b
+          (sec-c-(?i)[A-Z0-9]{48})
+        \b
+    entropy: 4.1
+    redact: [8, 4]
+    tests:
+      assert:
+        - sec-c-Nzg2N3E5MjYtMWM0Zi00YzY5LTk1ZjItZmIyMWMyMzJjOWVi
+        - sec-c-ZDlmMjg3MWQtMWNjNi00N3U4LTgxMjYtMzg1M2NkZTFlOTA2
+        - sec-c-Y2I3MWQ0MjItMWMwYS00NzZmLWEwNjktZGJkZjkyNWRkOTRk
+      assert_not:
+        - sec-x-Nzg2N3E5MjYtMWM0Zi00YzY5LTk1ZjItZmIyMWMyMzJjOWVi
+        - sec-c-ZDlmMjg3MWQtMWNjNi00N3U4LTgxMjYtMzg1M2NkZTFlOTA2x
+        - sec-c-Y2I3MWQ0MjItMWMwYS00NzZmLWEwNjktZGJkZjkyNWRkOTR
+    history:
+      - 2026-04-07 initial version
+    refs:
+      - https://www.pubnub.com/docs/general/portal/keysets