Hugging Face Access Token
Detects Hugging Face user access tokens (hf_ prefix), used to authenticate to the Hugging Face Hub API. A leaked token grants access to private models, datasets and Spaces, and can incur inference billing.
- Type: regex
- Engine: universal
- Confidence: high
- Confidence justification: High confidence: the distinctive hf_ prefix with a fixed 34-character body is highly specific to Hugging Face access tokens.
- Jurisdictions: global
- Regulations: Criminal Code Act 1995 (Cth)
- Frameworks: CIS Controls, ISO 27001, NIST CSF, SOC 2
- Data categories: credentials, security
- Scope: narrow
- Risk rating: 8
- Platform compatibility: Purview: Compatible, GCP DLP: Unsupported, Macie: Unsupported, Zscaler: Compatible, Palo Alto: Unsupported, Netskope: Unsupported
Pattern
(?<![A-Za-z0-9_])hf_[A-Za-z0-9]{34}(?![A-Za-z0-9])
Corroborative evidence keywords
hugging face, huggingface, HF_TOKEN, access token, api token, transformers, inference api
Proximity: 300 characters
Should match
- hf_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefgh — Hugging Face access token, hf_ prefix + 34 chars
- HF_TOKEN=hf_zyxwvutsrqponmlkjihgfedcba01234567 — Labelled Hugging Face token in an env assignment
- hf_aB3dE6gH9jK2mN5pQ8sT1uV4wX7yZ0pLkJ — Mixed-case Hugging Face token
Should not match
- hf_ABCDEFGHIJKLMNOP — Too short to be a valid Hugging Face token
- hg_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefgh — Wrong prefix (hg_ instead of hf_)
- load the model with your hugging face access token set as HF_TOKEN — Prose mention without a token value
Known false positives
- Documentation or examples showing placeholder hf_ strings. Mitigation: Require corroborative keywords and check for placeholder markers (example, xxxx).
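An added example (not part of the rule definition or of any DLP platform's engine) showing how the pattern, the corroborative keywords, the 300-character proximity and the placeholder mitigation combine into one scan. It assumes proximity is measured on both sides of the match and that keywords are compared case-insensitively; `scan`, `report` and the sample inputs are constructed for illustration.

```python
import re

# Pattern, keywords and proximity copied from the rule definition on this page.
TOKEN_RE = re.compile(r"(?<![A-Za-z0-9_])hf_[A-Za-z0-9]{34}(?![A-Za-z0-9])")
KEYWORDS = ("hugging face", "huggingface", "hf_token", "access token",
            "api token", "transformers", "inference api")
PROXIMITY = 300
# Placeholder markers named in the false-positive mitigation.
PLACEHOLDER_MARKERS = ("example", "xxxx")


def scan(text):
    """Return one finding per regex match with corroboration and placeholder flags."""
    findings = []
    for m in TOKEN_RE.finditer(text):
        # Assumption: proximity is measured on both sides of the match.
        before = text[max(0, m.start() - PROXIMITY):m.start()]
        after = text[m.end():m.end() + PROXIMITY]
        context = (before + " " + after).lower()
        token = m.group(0)
        findings.append({
            "token": token,
            "corroborated": any(k in context for k in KEYWORDS),
            "placeholder": any(p in context or p in token.lower()
                               for p in PLACEHOLDER_MARKERS),
        })
    return findings


def report(text):
    """Keep only corroborated, non-placeholder matches."""
    return [f["token"] for f in scan(text)
            if f["corroborated"] and not f["placeholder"]]


# Constructed sample input; token values are the page's own test strings
# or made-up placeholders, not real credentials.
SAMPLE = "\n".join([
    "HF_TOKEN=hf_zyxwvutsrqponmlkjihgfedcba01234567",
    "hf_ABCDEFGHIJKLMNOP",
    "hg_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefgh",
    "load the model with your hugging face access token set as HF_TOKEN",
])
DOCS = "Example for the huggingface docs: hf_" + "x" * 34
BARE = "id=hf_aB3dE6gH9jK2mN5pQ8sT1uV4wX7yZ0pLkJ;"

if __name__ == "__main__":
    for name, text in (("sample", SAMPLE), ("docs", DOCS), ("bare", BARE)):
        print(name, scan(text), report(text))
```

The `BARE` case matches the regex but carries no keyword within range, so `scan` still returns it with `corroborated` set to false for a lower-confidence review queue.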