Kraken API Key
Detects Kraken REST API credentials: the public API key (56 base64 characters) and the private key / API secret (86-88 base64 characters, base64 of 64 bytes). Because base64 strings have no distinctive prefix, this pattern is context-gated: it requires a nearby Kraken label and an assignment (= or :) before the value. A leaked private key allows signing authenticated requests to the account.
- Type
- regex
- Engine
- universal
- Confidence
- medium
- Confidence justification
- Medium confidence: Kraken keys are base64 strings with no self-identifying prefix, so a bare value is indistinguishable from any other base64 blob; detection relies on an adjacent Kraken label plus an assignment. The two fixed lengths (56 and 86-88) narrow the value shape but are not distinctive enough on their own to alert without context.
- Jurisdictions
- global
- Regulations
- Criminal Code Act 1995 (Cth)
- Frameworks
- CIS Controls, ISO 27001, NIST CSF, SOC 2
- Data categories
- credentials, security
- Scope
- wide
- Risk rating
- 8
- Platform compatibility
- Purview: Compatible, GCP DLP: Unsupported, Macie: Unsupported, Zscaler: Compatible, Palo Alto: Unsupported, Netskope: Unsupported
Pattern
(?i)kraken[\s\S]{0,24}?[=:][\s"]*(?:[A-Za-z0-9/+]{86}={0,2}|[A-Za-z0-9/+]{56})(?![A-Za-z0-9/+=])
Corroborative evidence keywords
kraken, kraken api, api key, api_key, api secret, private key, API-Sign, API-Key, apikey, access key, access token, auth token, authorization, bearer, conn str, connection string, connectionstring, cookie, credential, database (+14 more)
Proximity: 300 characters
Should match
KRAKEN_API_KEY=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA— Kraken public key (56 base64 chars), zero-entropy filler in an assignmentkraken private key: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==— Kraken private key (86 base64 chars + == padding = 88), zero-entropy fillerkraken api secret = ABABABABABABABABABABABABABABABABABABABABABABABABABABABAB— Kraken public key with repeated-block 56-char base64 filler
Should not match
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA— Bare 56-char base64 value with no Kraken context (could be any base64 blob)KRAKEN_API_KEY=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA— Wrong length (40 base64 chars, neither 56 nor 86-88)store your kraken api key and private key securely offline— Prose mention with no assignment and no base64 value
Known false positives
- A 56 or 86-88 character base64 blob (hash, signature, other vendor secret) appearing near the word kraken in prose. Mitigation: The pattern already requires an assignment (=/:) between the Kraken label and the value; require corroborative Kraken keywords and treat obvious placeholders (alphabet runs, all zeros) as non-sensitive.
- Documentation or examples showing placeholder base64 strings near Kraken text. Mitigation: Check for placeholder markers (example, AAAA, xxxx) and require Kraken context.