Description
Add a detector for Resend (https://resend.com) API keys. I'm on the team at Resend, and we've seen a notable uptick in abuse from leaked API keys lately, and TruffleHog detection would help us (and others) catch and revoke exposed keys faster.
Preferred Solution
Detect Resend API keys by their format re_[1-9A-HJ-NP-Za-km-z]{8}_[1-9A-HJ-NP-Za-km-z]{24} and verify them against the Resend API (GET https://api.resend.com/api-keys), distinguishing full_access from sending_access keys. We can provide sanctioned test credentials for CI via your preferred secure channel.
Additional Context
Both key tiers can send email on behalf of the account, so a leaked key of either type is a real abuse risk. Implementation is already up in the PR below.
References
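The format-matching half of the detection requested above, sketched in Go (TruffleHog's language) as an added example; it is not the code from the referenced PR, nor Resend's or TruffleHog's own. The boundary rule, the function name and the sample keys are assumptions constructed for illustration, and the API verification step is left out.

```go
package main

import (
	"fmt"
	"regexp"
)

// Alphabet and lengths come from the format quoted in the issue. Go's RE2 has
// no lookarounds, so the neighbouring character is matched explicitly; this
// rejects key-shaped runs embedded in a longer identifier (assumed rule).
const b58 = `[1-9A-HJ-NP-Za-km-z]`

var keyPat = regexp.MustCompile(
	`(?:^|[^0-9A-Za-z_])(re_` + b58 + `{8}_` + b58 + `{24})(?:[^0-9A-Za-z_]|$)`)

// Constructed sample values, not real credentials.
const (
	fakeA  = "re_AbCd1234_ExampLeKeyNotReaL1234567"
	fakeB  = "re_ZyXw9876_SampLeVaLueForTests76543"
	sample = "RESEND_API_KEY=" + fakeA + "\n" +
		"keys: " + fakeA + "," + fakeB + "\n" + // duplicate, one-char separator
		"too long: " + fakeA + "8\n" +
		"embedded: sto" + fakeA + "\n" +
		"bad char: re_AbCd0234_ExampLeKeyNotReaL1234567\n" // 0 is not in the alphabet
)

// FindResendKeys returns each distinct candidate key in order of first appearance.
func FindResendKeys(text string) []string {
	var out []string
	seen := map[string]bool{}
	for pos := 0; pos < len(text); {
		m := keyPat.FindStringSubmatchIndex(text[pos:])
		if m == nil {
			break
		}
		key := text[pos+m[2] : pos+m[3]]
		if !seen[key] {
			seen[key] = true
			out = append(out, key)
		}
		// Resume at the end of the key, not of the whole match, so the
		// separator it consumed can serve as the next key's leading boundary.
		pos += m[3]
	}
	return out
}

func main() { fmt.Println(len(FindResendKeys(sample)), "distinct candidates") }
```

Candidates found this way are only format matches; whether a key is live, and which tier it belongs to, still has to come from the verification request the issue describes.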