save progress

offline/rules/secrets/sources/aws-access-key.json

@@ -0,0 +1,17 @@
+{
+  "id": "stellaops.secrets.aws-access-key",
+  "version": "1.0.0",
+  "name": "AWS Access Key ID",
+  "description": "Detects AWS Access Key IDs which start with AKIA, ASIA, AIDA, AGPA, AROA, AIPA, ANPA, or ANVA",
+  "type": "regex",
+  "pattern": "(?:A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}",
+  "severity": "high",
+  "confidence": "high",
+  "keywords": ["AKIA", "ASIA", "AIDA", "AGPA", "AROA", "AIPA", "ANPA", "ANVA", "aws"],
+  "filePatterns": ["*.yml", "*.yaml", "*.json", "*.env", "*.properties", "*.tf", "*.tfvars", "*.config"],
+  "enabled": true,
+  "tags": ["aws", "cloud", "credentials"],
+  "references": [
+    "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html"
+  ]
+}

offline/rules/secrets/sources/aws-secret-key.json

@@ -0,0 +1,17 @@
+{
+  "id": "stellaops.secrets.aws-secret-key",
+  "version": "1.0.0",
+  "name": "AWS Secret Access Key",
+  "description": "Detects AWS Secret Access Keys (40-character base64 strings near AWS context)",
+  "type": "regex",
+  "pattern": "(?i)(?:aws[_-]?secret[_-]?(?:access[_-]?)?key|secret[_-]?key)['\"]?\\s*[:=]\\s*['\"]?([A-Za-z0-9/+=]{40})['\"]?",
+  "severity": "critical",
+  "confidence": "high",
+  "keywords": ["aws_secret", "secret_key", "secret_access_key", "aws"],
+  "filePatterns": ["*.yml", "*.yaml", "*.json", "*.env", "*.properties", "*.tf", "*.tfvars", "*.config", "*.sh", "*.bash"],
+  "enabled": true,
+  "tags": ["aws", "cloud", "credentials"],
+  "references": [
+    "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html"
+  ]
+}

offline/rules/secrets/sources/azure-storage-key.json

@@ -0,0 +1,17 @@
+{
+  "id": "stellaops.secrets.azure-storage-key",
+  "version": "1.0.0",
+  "name": "Azure Storage Account Key",
+  "description": "Detects Azure Storage Account access keys (base64 encoded, 88 chars)",
+  "type": "regex",
+  "pattern": "(?i)(?:AccountKey|azure[_-]?storage[_-]?key)['\"]?\\s*[:=]\\s*['\"]?([A-Za-z0-9+/]{86}==)['\"]?",
+  "severity": "critical",
+  "confidence": "high",
+  "keywords": ["AccountKey", "azure_storage", "DefaultEndpointsProtocol"],
+  "filePatterns": ["*.yml", "*.yaml", "*.json", "*.env", "*.properties", "*.config", "*.tf", "*.tfvars", "appsettings.json", "web.config"],
+  "enabled": true,
+  "tags": ["azure", "cloud", "credentials", "storage"],
+  "references": [
+    "https://docs.microsoft.com/en-us/azure/storage/common/storage-account-keys-manage"
+  ]
+}

offline/rules/secrets/sources/database-connection-string.json

@@ -0,0 +1,16 @@
+{
+  "id": "stellaops.secrets.database-connection-string",
+  "version": "1.0.0",
+  "name": "Database Connection String with Credentials",
+  "description": "Detects database connection strings containing embedded credentials",
+  "type": "regex",
+  "pattern": "(?i)(?:postgres|mysql|mongodb|sqlserver|mssql)://[^:]+:[^@]+@[^/]+",
+  "severity": "critical",
+  "confidence": "high",
+  "keywords": ["postgres://", "mysql://", "mongodb://", "sqlserver://", "connection"],
+  "filePatterns": ["*.yml", "*.yaml", "*.json", "*.env", "*.properties", "*.config", "appsettings.json", "*.xml"],
+  "enabled": true,
+  "allowlistPatterns": ["localhost", "127\\.0\\.0\\.1", "\\$\\{", "\\{\\{"],
+  "tags": ["database", "credentials", "connection-string"],
+  "references": []
+}

offline/rules/secrets/sources/datadog-api-key.json

@@ -0,0 +1,17 @@
+{
+  "id": "stellaops.secrets.datadog-api-key",
+  "version": "1.0.0",
+  "name": "Datadog API Key",
+  "description": "Detects Datadog API keys",
+  "type": "regex",
+  "pattern": "(?i)(?:datadog[_-]?api[_-]?key|DD_API_KEY)['\"]?\\s*[:=]\\s*['\"]?([a-f0-9]{32})['\"]?",
+  "severity": "high",
+  "confidence": "medium",
+  "keywords": ["DD_API_KEY", "datadog_api_key", "datadog"],
+  "filePatterns": ["*.yml", "*.yaml", "*.json", "*.env", "*.properties", "*.config"],
+  "enabled": true,
+  "tags": ["datadog", "monitoring", "observability", "credentials", "api-key"],
+  "references": [
+    "https://docs.datadoghq.com/account_management/api-app-keys/"
+  ]
+}

offline/rules/secrets/sources/discord-bot-token.json

@@ -0,0 +1,17 @@
+{
+  "id": "stellaops.secrets.discord-bot-token",
+  "version": "1.0.0",
+  "name": "Discord Bot Token",
+  "description": "Detects Discord bot tokens",
+  "type": "regex",
+  "pattern": "[MN][A-Za-z\\d]{23,}\\.[\\w-]{6}\\.[\\w-]{27,}",
+  "severity": "high",
+  "confidence": "high",
+  "keywords": ["discord", "bot", "token"],
+  "filePatterns": ["*.yml", "*.yaml", "*.json", "*.env", "*.properties", "*.config", "*.py", "*.js"],
+  "enabled": true,
+  "tags": ["discord", "messaging", "bot", "credentials", "token"],
+  "references": [
+    "https://discord.com/developers/docs/topics/oauth2"
+  ]
+}

offline/rules/secrets/sources/docker-hub-token.json

@@ -0,0 +1,17 @@
+{
+  "id": "stellaops.secrets.docker-hub-token",
+  "version": "1.0.0",
+  "name": "Docker Hub Access Token",
+  "description": "Detects Docker Hub personal access tokens",
+  "type": "regex",
+  "pattern": "dckr_pat_[A-Za-z0-9_-]{27}",
+  "severity": "high",
+  "confidence": "high",
+  "keywords": ["dckr_pat_", "docker", "registry"],
+  "filePatterns": ["*.yml", "*.yaml", "*.json", "*.env", "*.sh", ".docker/config.json"],
+  "enabled": true,
+  "tags": ["docker", "container", "registry", "credentials", "token"],
+  "references": [
+    "https://docs.docker.com/docker-hub/access-tokens/"
+  ]
+}

offline/rules/secrets/sources/gcp-service-account.json

@@ -0,0 +1,17 @@
+{
+  "id": "stellaops.secrets.gcp-service-account",
+  "version": "1.0.0",
+  "name": "GCP Service Account Key",
+  "description": "Detects GCP service account JSON key files by their structure",
+  "type": "regex",
+  "pattern": "\"type\"\\s*:\\s*\"service_account\"[\\s\\S]{0,500}\"private_key\"\\s*:\\s*\"-----BEGIN",
+  "severity": "critical",
+  "confidence": "high",
+  "keywords": ["service_account", "private_key", "gcp", "google", "client_email"],
+  "filePatterns": ["*.json"],
+  "enabled": true,
+  "tags": ["gcp", "google", "cloud", "credentials", "service-account"],
+  "references": [
+    "https://cloud.google.com/iam/docs/keys-create-delete"
+  ]
+}

offline/rules/secrets/sources/generic-api-key.json

@@ -0,0 +1,15 @@
+{
+  "id": "stellaops.secrets.generic-api-key",
+  "version": "1.0.0",
+  "name": "Generic API Key",
+  "description": "Detects generic API key patterns in configuration",
+  "type": "regex",
+  "pattern": "(?i)(?:api[_-]?key|apikey|api[_-]?secret)['\"]?\\s*[:=]\\s*['\"]?([A-Za-z0-9_-]{20,})['\"]?",
+  "severity": "medium",
+  "confidence": "low",
+  "keywords": ["api_key", "apikey", "api-key", "api_secret"],
+  "filePatterns": ["*.yml", "*.yaml", "*.json", "*.env", "*.properties", "*.config"],
+  "enabled": true,
+  "tags": ["api-key", "credentials", "generic"],
+  "references": []
+}

offline/rules/secrets/sources/generic-password.json

@@ -0,0 +1,16 @@
+{
+  "id": "stellaops.secrets.generic-password",
+  "version": "1.0.0",
+  "name": "Generic Password Assignment",
+  "description": "Detects hardcoded password assignments in configuration and code",
+  "type": "regex",
+  "pattern": "(?i)(?:password|passwd|pwd)['\"]?\\s*[:=]\\s*['\"]([^'\"\\s]{8,})['\"]",
+  "severity": "high",
+  "confidence": "low",
+  "keywords": ["password", "passwd", "pwd"],
+  "filePatterns": ["*.yml", "*.yaml", "*.json", "*.env", "*.properties", "*.config", "*.xml"],
+  "enabled": true,
+  "allowlistPatterns": ["\\$\\{", "\\{\\{", "%[A-Z_]+%", "\\$env:", "process\\.env"],
+  "tags": ["password", "credentials", "generic"],
+  "references": []
+}

offline/rules/secrets/sources/github-app-token.json

@@ -0,0 +1,17 @@
+{
+  "id": "stellaops.secrets.github-app-token",
+  "version": "1.0.0",
+  "name": "GitHub App Installation Token",
+  "description": "Detects GitHub App installation access tokens",
+  "type": "regex",
+  "pattern": "ghs_[A-Za-z0-9_]{36,255}",
+  "severity": "high",
+  "confidence": "high",
+  "keywords": ["ghs_", "github", "app"],
+  "filePatterns": ["*.yml", "*.yaml", "*.json", "*.env", "*.properties", "*.sh", "*.bash"],
+  "enabled": true,
+  "tags": ["github", "vcs", "credentials", "token", "app"],
+  "references": [
+    "https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/generating-an-installation-access-token-for-a-github-app"
+  ]
+}

offline/rules/secrets/sources/github-pat.json

@@ -0,0 +1,17 @@
+{
+  "id": "stellaops.secrets.github-pat",
+  "version": "1.0.0",
+  "name": "GitHub Personal Access Token",
+  "description": "Detects GitHub Personal Access Tokens (classic and fine-grained)",
+  "type": "regex",
+  "pattern": "(?:ghp|gho|ghu|ghs|ghr)_[A-Za-z0-9_]{36,255}",
+  "severity": "critical",
+  "confidence": "high",
+  "keywords": ["ghp_", "gho_", "ghu_", "ghs_", "ghr_", "github"],
+  "filePatterns": ["*.yml", "*.yaml", "*.json", "*.env", "*.properties", "*.sh", "*.bash", "*.md", "*.txt"],
+  "enabled": true,
+  "tags": ["github", "vcs", "credentials", "token"],
+  "references": [
+    "https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens"
+  ]
+}

offline/rules/secrets/sources/gitlab-pat.json

@@ -0,0 +1,17 @@
+{
+  "id": "stellaops.secrets.gitlab-pat",
+  "version": "1.0.0",
+  "name": "GitLab Personal Access Token",
+  "description": "Detects GitLab Personal Access Tokens (glpat- prefix)",
+  "type": "regex",
+  "pattern": "glpat-[A-Za-z0-9_-]{20,}",
+  "severity": "critical",
+  "confidence": "high",
+  "keywords": ["glpat-", "gitlab"],
+  "filePatterns": ["*.yml", "*.yaml", "*.json", "*.env", "*.properties", "*.sh", "*.bash", ".gitlab-ci.yml"],
+  "enabled": true,
+  "tags": ["gitlab", "vcs", "credentials", "token"],
+  "references": [
+    "https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html"
+  ]
+}

offline/rules/secrets/sources/heroku-api-key.json

@@ -0,0 +1,17 @@
+{
+  "id": "stellaops.secrets.heroku-api-key",
+  "version": "1.0.0",
+  "name": "Heroku API Key",
+  "description": "Detects Heroku API keys",
+  "type": "regex",
+  "pattern": "(?i)(?:heroku[_-]?api[_-]?key|HEROKU_API_KEY)['\"]?\\s*[:=]\\s*['\"]?([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})['\"]?",
+  "severity": "high",
+  "confidence": "high",
+  "keywords": ["HEROKU_API_KEY", "heroku_api_key", "heroku"],
+  "filePatterns": ["*.yml", "*.yaml", "*.json", "*.env", "*.properties", "*.sh", "Procfile"],
+  "enabled": true,
+  "tags": ["heroku", "paas", "credentials", "api-key"],
+  "references": [
+    "https://devcenter.heroku.com/articles/platform-api-quickstart"
+  ]
+}

offline/rules/secrets/sources/jwt-secret.json

@@ -0,0 +1,17 @@
+{
+  "id": "stellaops.secrets.jwt-secret",
+  "version": "1.0.0",
+  "name": "JWT Secret Key",
+  "description": "Detects JWT secret keys in configuration",
+  "type": "regex",
+  "pattern": "(?i)(?:jwt[_-]?secret|jwt[_-]?key|secret[_-]?key)['\"]?\\s*[:=]\\s*['\"]?([A-Za-z0-9+/=_-]{32,})['\"]?",
+  "severity": "high",
+  "confidence": "medium",
+  "keywords": ["jwt_secret", "jwt_key", "secret_key", "JWT"],
+  "filePatterns": ["*.yml", "*.yaml", "*.json", "*.env", "*.properties", "*.config", "appsettings.json"],
+  "enabled": true,
+  "tags": ["jwt", "authentication", "credentials"],
+  "references": [
+    "https://jwt.io/introduction"
+  ]
+}

offline/rules/secrets/sources/mailchimp-api-key.json

@@ -0,0 +1,17 @@
+{
+  "id": "stellaops.secrets.mailchimp-api-key",
+  "version": "1.0.0",
+  "name": "Mailchimp API Key",
+  "description": "Detects Mailchimp API keys",
+  "type": "regex",
+  "pattern": "[a-f0-9]{32}-us[0-9]{1,2}",
+  "severity": "medium",
+  "confidence": "high",
+  "keywords": ["mailchimp", "-us", "api_key"],
+  "filePatterns": ["*.yml", "*.yaml", "*.json", "*.env", "*.properties", "*.config"],
+  "enabled": true,
+  "tags": ["mailchimp", "email", "marketing", "credentials", "api-key"],
+  "references": [
+    "https://mailchimp.com/help/about-api-keys/"
+  ]
+}

offline/rules/secrets/sources/npm-token.json

@@ -0,0 +1,17 @@
+{
+  "id": "stellaops.secrets.npm-token",
+  "version": "1.0.0",
+  "name": "NPM Access Token",
+  "description": "Detects NPM access tokens",
+  "type": "regex",
+  "pattern": "npm_[A-Za-z0-9]{36}",
+  "severity": "high",
+  "confidence": "high",
+  "keywords": ["npm_", "npmrc", "_authToken"],
+  "filePatterns": [".npmrc", "*.yml", "*.yaml", "*.json", "*.env", "*.sh"],
+  "enabled": true,
+  "tags": ["npm", "package-manager", "credentials", "token"],
+  "references": [
+    "https://docs.npmjs.com/about-access-tokens"
+  ]
+}

offline/rules/secrets/sources/nuget-api-key.json

@@ -0,0 +1,17 @@
+{
+  "id": "stellaops.secrets.nuget-api-key",
+  "version": "1.0.0",
+  "name": "NuGet API Key",
+  "description": "Detects NuGet.org API keys",
+  "type": "regex",
+  "pattern": "oy2[a-z0-9]{43}",
+  "severity": "high",
+  "confidence": "high",
+  "keywords": ["oy2", "nuget", "NuGetApiKey"],
+  "filePatterns": ["*.yml", "*.yaml", "*.json", "*.env", "*.config", "nuget.config", "*.csproj", "*.ps1"],
+  "enabled": true,
+  "tags": ["nuget", "dotnet", "package-manager", "credentials", "api-key"],
+  "references": [
+    "https://docs.microsoft.com/en-us/nuget/nuget-org/publish-a-package#create-api-keys"
+  ]
+}

offline/rules/secrets/sources/private-key-ec.json

@@ -0,0 +1,17 @@
+{
+  "id": "stellaops.secrets.private-key-ec",
+  "version": "1.0.0",
+  "name": "EC Private Key",
+  "description": "Detects EC (Elliptic Curve) private keys in PEM format",
+  "type": "regex",
+  "pattern": "-----BEGIN EC PRIVATE KEY-----[\\s\\S]{50,}-----END EC PRIVATE KEY-----",
+  "severity": "critical",
+  "confidence": "high",
+  "keywords": ["BEGIN EC PRIVATE KEY", "END EC PRIVATE KEY"],
+  "filePatterns": ["*.pem", "*.key", "*.txt", "*.env", "*.yml", "*.yaml", "*.json", "*.config"],
+  "enabled": true,
+  "tags": ["cryptography", "private-key", "ecdsa"],
+  "references": [
+    "https://www.rfc-editor.org/rfc/rfc5915"
+  ]
+}

offline/rules/secrets/sources/private-key-generic.json

@@ -0,0 +1,17 @@
+{
+  "id": "stellaops.secrets.private-key-generic",
+  "version": "1.0.0",
+  "name": "Generic Private Key",
+  "description": "Detects generic private keys in PEM format (PKCS#8)",
+  "type": "regex",
+  "pattern": "-----BEGIN PRIVATE KEY-----[\\s\\S]{100,}-----END PRIVATE KEY-----",
+  "severity": "critical",
+  "confidence": "high",
+  "keywords": ["BEGIN PRIVATE KEY", "END PRIVATE KEY"],
+  "filePatterns": ["*.pem", "*.key", "*.txt", "*.env", "*.yml", "*.yaml", "*.json", "*.config"],
+  "enabled": true,
+  "tags": ["cryptography", "private-key", "pkcs8"],
+  "references": [
+    "https://www.rfc-editor.org/rfc/rfc5958"
+  ]
+}

offline/rules/secrets/sources/private-key-openssh.json

@@ -0,0 +1,17 @@
+{
+  "id": "stellaops.secrets.private-key-openssh",
+  "version": "1.0.0",
+  "name": "OpenSSH Private Key",
+  "description": "Detects OpenSSH private keys (newer format)",
+  "type": "regex",
+  "pattern": "-----BEGIN OPENSSH PRIVATE KEY-----[\\s\\S]{50,}-----END OPENSSH PRIVATE KEY-----",
+  "severity": "critical",
+  "confidence": "high",
+  "keywords": ["BEGIN OPENSSH PRIVATE KEY", "END OPENSSH PRIVATE KEY"],
+  "filePatterns": ["*.pem", "*.key", "id_rsa", "id_ed25519", "id_ecdsa", "*.txt"],
+  "enabled": true,
+  "tags": ["cryptography", "private-key", "ssh", "openssh"],
+  "references": [
+    "https://man.openbsd.org/ssh-keygen"
+  ]
+}

offline/rules/secrets/sources/private-key-rsa.json

@@ -0,0 +1,17 @@
+{
+  "id": "stellaops.secrets.private-key-rsa",
+  "version": "1.0.0",
+  "name": "RSA Private Key",
+  "description": "Detects RSA private keys in PEM format",
+  "type": "regex",
+  "pattern": "-----BEGIN RSA PRIVATE KEY-----[\\s\\S]{100,}-----END RSA PRIVATE KEY-----",
+  "severity": "critical",
+  "confidence": "high",
+  "keywords": ["BEGIN RSA PRIVATE KEY", "END RSA PRIVATE KEY"],
+  "filePatterns": ["*.pem", "*.key", "*.txt", "*.env", "*.yml", "*.yaml", "*.json", "*.config"],
+  "enabled": true,
+  "tags": ["cryptography", "private-key", "rsa"],
+  "references": [
+    "https://www.rfc-editor.org/rfc/rfc7468"
+  ]
+}

offline/rules/secrets/sources/pypi-token.json

@@ -0,0 +1,17 @@
+{
+  "id": "stellaops.secrets.pypi-token",
+  "version": "1.0.0",
+  "name": "PyPI API Token",
+  "description": "Detects PyPI API tokens",
+  "type": "regex",
+  "pattern": "pypi-AgEIcHlwaS5vcmc[A-Za-z0-9_-]{50,}",
+  "severity": "high",
+  "confidence": "high",
+  "keywords": ["pypi-", "pypi.org"],
+  "filePatterns": [".pypirc", "*.yml", "*.yaml", "*.json", "*.env", "*.sh", "*.toml"],
+  "enabled": true,
+  "tags": ["pypi", "python", "package-manager", "credentials", "token"],
+  "references": [
+    "https://pypi.org/help/#apitoken"
+  ]
+}

offline/rules/secrets/sources/sendgrid-api-key.json

@@ -0,0 +1,17 @@
+{
+  "id": "stellaops.secrets.sendgrid-api-key",
+  "version": "1.0.0",
+  "name": "SendGrid API Key",
+  "description": "Detects SendGrid API keys",
+  "type": "regex",
+  "pattern": "SG\\.[A-Za-z0-9_-]{22}\\.[A-Za-z0-9_-]{43}",
+  "severity": "high",
+  "confidence": "high",
+  "keywords": ["SG.", "sendgrid"],
+  "filePatterns": ["*.yml", "*.yaml", "*.json", "*.env", "*.properties", "*.config"],
+  "enabled": true,
+  "tags": ["sendgrid", "email", "credentials", "api-key"],
+  "references": [
+    "https://docs.sendgrid.com/ui/account-and-settings/api-keys"
+  ]
+}

offline/rules/secrets/sources/slack-token.json

@@ -0,0 +1,17 @@
+{
+  "id": "stellaops.secrets.slack-token",
+  "version": "1.0.0",
+  "name": "Slack Token",
+  "description": "Detects Slack Bot, User, and Webhook tokens",
+  "type": "regex",
+  "pattern": "xox[baprs]-[0-9]{10,13}-[0-9]{10,13}[a-zA-Z0-9-]*",
+  "severity": "high",
+  "confidence": "high",
+  "keywords": ["xoxb-", "xoxa-", "xoxp-", "xoxr-", "xoxs-", "slack"],
+  "filePatterns": ["*.yml", "*.yaml", "*.json", "*.env", "*.properties", "*.sh", "*.bash", "*.config"],
+  "enabled": true,
+  "tags": ["slack", "messaging", "credentials", "token"],
+  "references": [
+    "https://api.slack.com/authentication/token-types"
+  ]
+}

offline/rules/secrets/sources/slack-webhook.json

@@ -0,0 +1,17 @@
+{
+  "id": "stellaops.secrets.slack-webhook",
+  "version": "1.0.0",
+  "name": "Slack Webhook URL",
+  "description": "Detects Slack incoming webhook URLs",
+  "type": "regex",
+  "pattern": "https://hooks\\.slack\\.com/services/T[A-Z0-9]{8,}/B[A-Z0-9]{8,}/[A-Za-z0-9]{24}",
+  "severity": "medium",
+  "confidence": "high",
+  "keywords": ["hooks.slack.com", "webhook", "slack"],
+  "filePatterns": ["*.yml", "*.yaml", "*.json", "*.env", "*.properties", "*.sh", "*.bash", "*.config", "*.md"],
+  "enabled": true,
+  "tags": ["slack", "messaging", "webhook"],
+  "references": [
+    "https://api.slack.com/messaging/webhooks"
+  ]
+}

offline/rules/secrets/sources/stripe-restricted-key.json

@@ -0,0 +1,17 @@
+{
+  "id": "stellaops.secrets.stripe-restricted-key",
+  "version": "1.0.0",
+  "name": "Stripe Restricted Key",
+  "description": "Detects Stripe restricted API keys",
+  "type": "regex",
+  "pattern": "rk_(?:live|test)_[A-Za-z0-9]{24,}",
+  "severity": "high",
+  "confidence": "high",
+  "keywords": ["rk_live_", "rk_test_", "stripe"],
+  "filePatterns": ["*.yml", "*.yaml", "*.json", "*.env", "*.properties", "*.config", "*.js", "*.ts", "*.py", "*.rb"],
+  "enabled": true,
+  "tags": ["stripe", "payment", "credentials", "api-key"],
+  "references": [
+    "https://stripe.com/docs/keys#limit-access"
+  ]
+}

offline/rules/secrets/sources/stripe-secret-key.json

@@ -0,0 +1,17 @@
+{
+  "id": "stellaops.secrets.stripe-secret-key",
+  "version": "1.0.0",
+  "name": "Stripe Secret Key",
+  "description": "Detects Stripe secret API keys (live and test)",
+  "type": "regex",
+  "pattern": "sk_(?:live|test)_[A-Za-z0-9]{24,}",
+  "severity": "critical",
+  "confidence": "high",
+  "keywords": ["sk_live_", "sk_test_", "stripe"],
+  "filePatterns": ["*.yml", "*.yaml", "*.json", "*.env", "*.properties", "*.config", "*.js", "*.ts", "*.py", "*.rb"],
+  "enabled": true,
+  "tags": ["stripe", "payment", "credentials", "api-key"],
+  "references": [
+    "https://stripe.com/docs/keys"
+  ]
+}

offline/rules/secrets/sources/telegram-bot-token.json

@@ -0,0 +1,17 @@
+{
+  "id": "stellaops.secrets.telegram-bot-token",
+  "version": "1.0.0",
+  "name": "Telegram Bot Token",
+  "description": "Detects Telegram Bot API tokens",
+  "type": "regex",
+  "pattern": "[0-9]{8,10}:[A-Za-z0-9_-]{35}",
+  "severity": "high",
+  "confidence": "medium",
+  "keywords": ["telegram", "bot", "api.telegram.org"],
+  "filePatterns": ["*.yml", "*.yaml", "*.json", "*.env", "*.properties", "*.config", "*.py", "*.js"],
+  "enabled": true,
+  "tags": ["telegram", "messaging", "bot", "credentials", "token"],
+  "references": [
+    "https://core.telegram.org/bots/api#authorizing-your-bot"
+  ]
+}

offline/rules/secrets/sources/twilio-api-key.json

@@ -0,0 +1,17 @@
+{
+  "id": "stellaops.secrets.twilio-api-key",
+  "version": "1.0.0",
+  "name": "Twilio API Key",
+  "description": "Detects Twilio API Key SIDs and Auth Tokens",
+  "type": "regex",
+  "pattern": "(?:SK[a-f0-9]{32}|AC[a-f0-9]{32})",
+  "severity": "high",
+  "confidence": "high",
+  "keywords": ["SK", "AC", "twilio", "TWILIO"],
+  "filePatterns": ["*.yml", "*.yaml", "*.json", "*.env", "*.properties", "*.config"],
+  "enabled": true,
+  "tags": ["twilio", "messaging", "sms", "credentials", "api-key"],
+  "references": [
+    "https://www.twilio.com/docs/iam/keys/api-key"
+  ]
+}