LangSmith API Key

Detects LangSmith API keys (personal access tokens and service keys), which use a distinctive lsv2_pt_ or lsv2_sk_ prefix followed by a hyphenated hex body. A leaked key grants unauthorized access to LangSmith trace data -- which can include full LLM prompts and completions -- and billed access to the LangSmith/LangChain platform.

Type
regex
Engine
universal
Confidence
high
Confidence justification
High confidence: the lsv2_pt_/lsv2_sk_ prefixes are explicitly documented on LangChain's own administration docs (docs.langchain.com), LangSmith keys are GitHub secret-scanning partner entries (langchain_api_personal_key, langchain_api_server_key), and the specific 32-hex-underscore-10-hex body structure is corroborated by a real, independently-observed leaked-credential redaction, so false positives on the prefix+structure combination alone are extremely unlikely.
Jurisdictions
global
Regulations
Criminal Code Act 1995 (Cth)
Frameworks
CIS Controls, ISO 27001, NIST CSF, SOC 2
Data categories
credentials, security
Scope
narrow
Risk rating
9
Platform compatibility
Purview: Compatible, GCP DLP: Unsupported, Macie: Unsupported, Zscaler: Compatible, Palo Alto: Unsupported, Netskope: Unsupported

Pattern

(?<![A-Za-z0-9_])lsv2_(?:pt|sk)_[0-9a-fA-F]{32}_[0-9a-fA-F]{10}(?![A-Za-z0-9_-])

Corroborative evidence keywords

langsmith, langchain, smith.langchain.com, LANGSMITH_API_KEY, api key, api_key, apikey, access key, access token, auth token, authorization, bearer, conn str, connection string, connectionstring, cookie, credential, database, host, [object Object] (+37 more)

Proximity: 300 characters

Should match

Should not match

Known false positives

References