Searching GitHub for OpenAI API Keys

OpenAI API keys are in the format:

sk-<40 case-sensitive alphanumeric characters>

A simple regular expression for this would be:

/sk-[a-zA-Z0-9]{40,}/

This matches “sk-” followed by 40 or more ASCII letters or digits, anywhere in a file (not just at a token boundary).

GitHub code search supports regular expressions (written between slashes), but note that if the query is too expensive the search fails with a 5XX response.

I noticed that modifying it to limit to the start of a line, i.e., /^sk-[a-zA-Z0-9]{40,}/ yields better results.
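The two patterns above, run locally, as an added example (not code from the original post): a small scanner that applies the loose regex and the start-of-line variant to a constructed sample file and reports line numbers with the matched key redacted. The sample keys are made up and only satisfy the pattern's length rule; the `re.MULTILINE` flag is what makes `^` line-relative, which is the assumption behind the anchored search.

```python
import re
import sys
from pathlib import Path

# Regex from the post: "sk-" followed by at least 40 ASCII alphanumerics,
# matched anywhere in the text.
LOOSE = re.compile(r"sk-[a-zA-Z0-9]{40,}")

# Start-of-line variant. re.MULTILINE makes ^ match after every newline,
# so this only fires when a line begins with the key itself.
ANCHORED = re.compile(r"^sk-[a-zA-Z0-9]{40,}", re.MULTILINE)

# Constructed sample file for this example; both keys are fabricated
# (46 alphanumerics each) and the last line is a deliberate near-miss.
SAMPLE = """\
# constructed sample file for the example; the keys below are made up
OPENAI_API_KEY=sk-AbCdEfGhIjKlMnOpQrStUvWxYz0123456789ABCDEFGHIJ
sk-zyxwvutsrqponmlkjihgfedcba9876543210ZYXWVUTSRQ
task_id = "sk-1234"
"""


def find_keys(text, pattern=LOOSE):
    """Return (line_number, match) pairs for every match of pattern in text."""
    hits = []
    for m in pattern.finditer(text):
        # Count newlines before the match start to derive a 1-based line number.
        line_no = text.count("\n", 0, m.start()) + 1
        hits.append((line_no, m.group(0)))
    return hits


def redact(key, keep=6):
    """Keep the prefix and last four characters so a hit is recognisable but unusable."""
    return key[:keep] + "..." + key[-4:]


def scan_file(path, pattern=LOOSE):
    """Scan one file and return redacted hits; binary-ish files are read leniently."""
    text = Path(path).read_text(encoding="utf-8", errors="replace")
    return [(ln, redact(k)) for ln, k in find_keys(text, pattern)]


if __name__ == "__main__":
    # With no arguments, demonstrate the difference between the two patterns
    # on the constructed sample; otherwise scan the files given on the command line.
    if len(sys.argv) == 1:
        for name, pat in (("loose", LOOSE), ("anchored", ANCHORED)):
            for ln, key in find_keys(SAMPLE, pat):
                print(f"{name:8} line {ln}: {redact(key)}")
    else:
        for arg in sys.argv[1:]:
            for ln, key in scan_file(arg):
                print(f"{arg}:{ln}: {key}")
```

On the sample, the loose pattern reports lines 2 and 3 while the anchored pattern reports only line 3, which is the effect described above: anchoring drops keys embedded in assignments and keeps lines that are nothing but the key.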

Click here to search for OpenAI API keys

Right now it should return a few results. A few thoughts:

  • I’m not sure if GitHub is sending alerts for API keys being committed to codebases. They absolutely should if they’re not.
  • OpenAI should allow permission scoping of API keys.
  • Restricting API keys to allowlisted IP CIDR ranges would also be useful.