Datadog API Key
Detects Datadog API keys, which are 32 hexadecimal characters with no fixed prefix. Because a bare 32-hex string is generic, this pattern requires a nearby Datadog label to confirm the match. A leaked key grants metric, log and event ingestion access.
- Type
- regex
- Engine
- universal
- Confidence
- medium
- Confidence justification
- Medium confidence: Datadog keys are an undifferentiated 32-hex string, so detection relies on an adjacent Datadog label; without context the value is indistinguishable from an MD5 hash or other 32-hex token.
- Jurisdictions
- global
- Regulations
- Criminal Code Act 1995 (Cth)
- Frameworks
- CIS Controls, ISO 27001, NIST CSF, SOC 2
- Data categories
- credentials, security
- Scope
- wide
- Risk rating
- 8
- Platform compatibility
- Purview: Compatible, GCP DLP: Unsupported, Macie: Unsupported, Zscaler: Compatible, Palo Alto: Unsupported, Netskope: Unsupported
Pattern
(?i)(?:datadog|dd[-_]?api[-_]?key|DD_API_KEY)[\s\S]{0,40}?(?<![a-f0-9])[a-f0-9]{32}(?![a-f0-9])Corroborative evidence keywords
datadog, datadoghq, DD_API_KEY, dd-api-key, api key, app key, agent
Proximity: 300 characters
Should match
datadog api key: abcdef0123456789abcdef0123456789— Datadog-labelled 32-hex keyDD_API_KEY=0123456789abcdef0123456789abcdef— Datadog env var with 32-hex keydd-api-key = fedcba9876543210fedcba9876543210— dd-api-key label followed by a 32-hex value
Should not match
abcdef0123456789abcdef0123456789— Bare 32-hex value with no Datadog context (could be an MD5 hash)datadog api key: abcdef0123456789— Datadog label but value too short (16 hex not 32)install the datadog agent and paste your api key into the config— Prose mention without a token value
Known false positives
- An MD5 hash or other 32-hex value appearing close to the word datadog in prose. Mitigation: Tighten the proximity gap and require an assignment-style label (=, :) before alerting.
- Documentation or examples showing placeholder hex values near Datadog text. Mitigation: Check for placeholder markers (example, 0000, xxxx).