Cohere API Key

Detects Cohere API keys. Cohere issues an opaque 40-character alphanumeric token with no distinctive vendor prefix, so this pattern requires an adjacent Cohere label (cohere / CO_API_KEY / COHERE_API_KEY) to structurally qualify a match.

Type
regex
Engine
universal
Confidence
medium
Confidence justification
Medium confidence: Cohere's own documentation does not publish the token's visible format; GitGuardian's detector spec and the community-maintained gitleaks ruleset both confirm the key is an unprefixed, opaque 40-character alphanumeric string. Without an adjacent Cohere label the value is indistinguishable from any other 40-character alphanumeric string (a hash, an ID, or unrelated token), so this pattern requires the label and offers no unlabelled/value-only tier.
Jurisdictions
global
Regulations
Criminal Code Act 1995 (Cth)
Frameworks
CIS Controls, ISO 27001, NIST CSF, SOC 2
Data categories
credentials, security
Scope
narrow
Risk rating
9
Platform compatibility
Purview: Compatible, GCP DLP: Unsupported, Macie: Unsupported, Zscaler: Compatible, Palo Alto: Unsupported, Netskope: Unsupported

Pattern

(?i)(?:cohere|co_api_key|cohere_api_key)[\s\S]{0,40}?[=:][\s"']{0,4}(?<![a-z0-9_-])[a-z0-9]{40}(?![a-z0-9_-])

Corroborative evidence keywords

cohere, cohere.ai, CO_API_KEY, COHERE_API_KEY, command r, rerank, api key, api_key, apikey, access key, access token, auth token, authorization, bearer, conn str, connection string, connectionstring, cookie, credential, database (+39 more)

Proximity: 300 characters

Should match

Should not match

Known false positives

References