Add Resend detector #5107

Description

@mwoss

Add a detector for Resend (https://resend.com) API keys. I'm on the team at Resend, and we've seen a notable uptick in abuse from leaked API keys lately, and TruffleHog detection would help us (and others) catch and revoke exposed keys faster.

Preferred Solution

Detect Resend API keys by their format `re_[1-9A-HJ-NP-Za-km-z]{8}_[1-9A-HJ-NP-Za-km-z]{24}` and verify them against the Resend API (`GET https://api.resend.com/api-keys`), distinguishing `full_access` from `sending_access` keys. We can provide sanctioned test credentials for CI via your preferred secure channel.

Additional Context

Both key tiers can send email on behalf of the account, so a leaked key of either type is a real abuse risk. Implementation is already up in the PR below.
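
An added example (not from the issue, the linked PR, or TruffleHog's own code) of the format-matching step proposed above, in Go. The function names, the identifier-boundary rule and the sample input are assumptions made for illustration; verification against the API is left out.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Format quoted in the issue: "re_", 8 base58 chars, "_", 24 base58 chars.
const b58 = `[1-9A-HJ-NP-Za-km-z]`

var resendKey = regexp.MustCompile(`re_` + b58 + `{8}_` + b58 + `{24}`)

// isWord reports whether c could extend an identifier (assumed boundary rule).
func isWord(c byte) bool {
	return c == '_' || c >= '0' && c <= '9' || c >= 'A' && c <= 'Z' || c >= 'a' && c <= 'z'
}

// FindResendKeys returns unique candidates that are not embedded in a longer
// token. Go's RE2 engine has no lookaround, so boundaries are checked by hand.
func FindResendKeys(data string) []string {
	seen := map[string]bool{}
	var out []string
	for _, loc := range resendKey.FindAllStringIndex(data, -1) {
		if loc[0] > 0 && isWord(data[loc[0]-1]) {
			continue // "re_" is the tail of a longer identifier
		}
		if loc[1] < len(data) && isWord(data[loc[1]]) {
			continue // more than 24 trailing characters: not this format
		}
		if k := data[loc[0]:loc[1]]; !seen[k] {
			seen[k] = true
			out = append(out, k)
		}
	}
	return out
}

// Redact keeps the first five characters so a finding can be logged safely.
func Redact(k string) string { return k[:5] + strings.Repeat("*", len(k)-5) }

// Constructed sample input; none of these strings is a real credential.
const Sample = `RESEND_API_KEY=re_AbCd1234_abcdefghijkmnopqrstuvwxy
Authorization: Bearer re_AbCd1234_abcdefghijkmnopqrstuvwxy
bad_alphabet=re_AbCd1230_abcdefghijkmnopqrstuvwxy
too_long=re_AbCd1234_abcdefghijkmnopqrstuvwxyz9`

func main() {
	for _, k := range FindResendKeys(Sample) {
		fmt.Println(Redact(k))
	}
}
```

The base58 alphabet excludes `0`, `O`, `I` and `l`, which is why the third sample line is not reported; the fourth is dropped by the trailing-boundary check.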
