Grafana API Key
Detects Grafana Cloud API tokens (glc_ prefix) and Grafana service account tokens (glsa_ prefix). A leaked token grants access to dashboards, data sources and, for Grafana Cloud, metrics/logs ingestion endpoints.
- Type: regex
- Engine: universal
- Confidence: high
- Confidence justification: High confidence: the glc_ and glsa_ prefixes with their fixed structures are highly specific to Grafana Cloud and Grafana service account tokens.
- Jurisdictions: global
- Regulations: Criminal Code Act 1995 (Cth)
- Frameworks: CIS Controls, ISO 27001, NIST CSF, SOC 2
- Data categories: credentials, security
- Scope: narrow
- Risk rating: 8
- Platform compatibility: Purview: Compatible; GCP DLP: Unsupported; Macie: Unsupported; Zscaler: Compatible; Palo Alto: Unsupported; Netskope: Unsupported
Pattern
(?<![A-Za-z0-9])(?:glc_[A-Za-z0-9+/]{32,400}={0,3}|glsa_[A-Za-z0-9]{32}_[a-f0-9]{8})(?![A-Za-z0-9])
Corroborative evidence keywords
grafana, grafana cloud, service account token, api key, GRAFANA_TOKEN, dashboard, prometheus
Proximity: 300 characters
Should match
- glsa_ABCDEFGHIJKLMNOPQRSTUVWXYZ012345_abcdef01 — Grafana service account token, glsa_ + 32 alnum + _ + 8 hex
- GRAFANA_TOKEN=glc_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefgh0123456789+/ABCDEF== — Grafana Cloud API token, glc_ + base64 body
- glc_aB3dE6gH9jK2mN5pQ8sT1uV4wX7yZ0aB3dE6gH9jK2mN5pQ8sT — Another Grafana Cloud token body
Should not match
- glsa_ABCDEFGHIJKLMNOPQRSTUVWXYZ012345 — Grafana service account token missing the _<8 hex> suffix
- glx_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefgh0123456789 — Wrong prefix (glx_ is not a Grafana token type)
- paste your grafana service account token into the data source config — Prose mention without a token value
Known false positives
- Documentation or examples showing placeholder glc_/glsa_ strings. Mitigation: Require corroborative keywords and check for placeholder markers (example, xxxx).
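The pattern, the keyword proximity check and the placeholder mitigation above combined in one scanner, as an added example that is not part of the original rule record. It assumes the 300-character proximity applies on both sides of a match, that keywords and placeholder markers are compared case-insensitively, and that a marker in the token or its window suppresses the finding; `scan` and its result fields are hypothetical names.

```python
import re

# Pattern exactly as published in this record.
TOKEN_RE = re.compile(
    r"(?<![A-Za-z0-9])(?:glc_[A-Za-z0-9+/]{32,400}={0,3}"
    r"|glsa_[A-Za-z0-9]{32}_[a-f0-9]{8})(?![A-Za-z0-9])"
)
KEYWORDS = ("grafana", "grafana cloud", "service account token", "api key",
            "grafana_token", "dashboard", "prometheus")
PLACEHOLDERS = ("example", "xxxx")  # markers named under known false positives
PROXIMITY = 300

def scan(text):
    """Return one finding per token match; the secret itself is never copied."""
    findings = []
    for m in TOKEN_RE.finditer(text):
        token = m.group(0)
        # Assumption: the proximity window covers 300 chars on each side.
        window = (text[max(0, m.start() - PROXIMITY):m.start()] + " "
                  + text[m.end():m.end() + PROXIMITY]).lower()
        corroborated = any(k in window for k in KEYWORDS)
        # Assumption: a marker in the token or its window means placeholder.
        placeholder = any(p in token.lower() or p in window for p in PLACEHOLDERS)
        findings.append({
            "kind": "cloud" if token.startswith("glc_") else "service_account",
            "span": m.span(),
            "corroborated": corroborated,
            "placeholder": placeholder,
            "report": corroborated and not placeholder,
        })
    return findings

# Samples from the "Should match" / "Should not match" lists of this record.
SHOULD_MATCH = [
    "glsa_ABCDEFGHIJKLMNOPQRSTUVWXYZ012345_abcdef01",
    "GRAFANA_TOKEN=glc_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefgh0123456789+/ABCDEF==",
    "glc_aB3dE6gH9jK2mN5pQ8sT1uV4wX7yZ0aB3dE6gH9jK2mN5pQ8sT",
]
SHOULD_NOT_MATCH = [
    "glsa_ABCDEFGHIJKLMNOPQRSTUVWXYZ012345",
    "glx_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefgh0123456789",
    "paste your grafana service account token into the data source config",
]
# Constructed documentation line: matches the regex but carries placeholder markers.
DOC_LINE = ("Example: set the grafana service account token to glsa_"
            + "x" * 32 + "_00000000")

if __name__ == "__main__":
    for line in SHOULD_MATCH + SHOULD_NOT_MATCH + [DOC_LINE]:
        print(scan(line))
```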