Mailgun API Key
Detects Mailgun private API keys (key- prefix followed by 32 hex characters). A leaked key allows sending email and accessing logs and account data via the Mailgun API.
- Type: regex
- Engine: universal
- Confidence: high
- Confidence justification: High confidence when corroborated: the key- prefix plus 32 hex chars is structured, though the generic prefix means Mailgun context keywords meaningfully reduce false positives.
- Jurisdictions: global
- Regulations: Criminal Code Act 1995 (Cth)
- Frameworks: CIS Controls, ISO 27001, NIST CSF, SOC 2
- Data categories: credentials, security
- Scope: wide
- Risk rating: 8
- Platform compatibility: Purview: Compatible, GCP DLP: Unsupported, Macie: Unsupported, Zscaler: Compatible, Palo Alto: Unsupported, Netskope: Unsupported
Pattern
(?<![A-Za-z0-9])key-[a-f0-9]{32}(?![A-Za-z0-9])
Corroborative evidence keywords
mailgun, mailgun.net, api key, MAILGUN_API_KEY, private api key, smtp, bearer token
Proximity: 300 characters
Should match
- key-abcdef0123456789abcdef0123456789 — Mailgun private API key, key- prefix + 32 hex
- MAILGUN_API_KEY=key-0123456789abcdef0123456789abcdef — Labelled Mailgun key in an env assignment
- key-fedcba9876543210fedcba9876543210 — Another Mailgun key body
Should not match
- key-abcdef0123456789 — Too short to be a valid Mailgun key
- pubkey-abcdef0123456789abcdef0123456789 — Mailgun public key prefix, not the private api key
- configure mailgun with your private api key before sending — Prose mention without a token value
Known false positives
- Other key- prefixed 32-hex values such as unrelated hashes or config keys. Mitigation: Require corroborative Mailgun keywords within proximity before alerting.
- Documentation or examples showing placeholder key- strings. Mitigation: Check for placeholder markers (example, xxxx) and require Mailgun context.
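The following Python is an added example, not part of the original pattern definition: it applies the pattern, the 300-character keyword proximity and the placeholder mitigation together to produce a verdict per hit. The function name, the case-insensitive keyword matching, the same-line placeholder rule and the sample strings are assumptions.

```python
import re

# Pattern, keywords and the 300-character proximity are taken from the page.
KEY_RE = re.compile(r"(?<![A-Za-z0-9])key-[a-f0-9]{32}(?![A-Za-z0-9])")
KEYWORDS = ("mailgun", "mailgun.net", "api key", "mailgun_api_key",
            "private api key", "smtp", "bearer token")
PROXIMITY = 300
# Placeholder markers named under "Known false positives".
PLACEHOLDERS = ("example", "xxxx")


def classify(text):
    """Return (redacted_token, verdict) for every pattern hit in text."""
    lowered = text.lower()  # assumption: keywords match case-insensitively
    results = []
    for m in KEY_RE.finditer(text):
        # Assumption: proximity is counted in characters on either side of the hit.
        window = lowered[max(0, m.start() - PROXIMITY):m.end() + PROXIMITY]
        # Assumption: a placeholder marker counts only on the same line as the hit.
        line_start = lowered.rfind("\n", 0, m.start()) + 1
        line_end = lowered.find("\n", m.end())
        line = lowered[line_start:line_end if line_end != -1 else len(lowered)]
        if any(p in line for p in PLACEHOLDERS):
            verdict = "placeholder"
        elif any(k in window for k in KEYWORDS):
            verdict = "alert"
        else:
            verdict = "uncorroborated"
        # Never write the full secret to logs or tickets.
        results.append((m.group()[:8] + "...", verdict))
    return results


# Constructed samples, built from the page's own test strings.
SAMPLES = {
    "env": "MAILGUN_API_KEY=key-0123456789abcdef0123456789abcdef",
    "bare": "build cache id key-fedcba9876543210fedcba9876543210",
    "docs": "mailgun example: key-abcdef0123456789abcdef0123456789",
    "short": "mailgun key-abcdef0123456789",
    "public": "mailgun pubkey-abcdef0123456789abcdef0123456789",
    "far": "mailgun" + " " * 400 + "key-abcdef0123456789abcdef0123456789",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, classify(text))
```

The "far" sample shows a keyword outside the proximity window leaving a structurally valid hit uncorroborated, and "public" shows the lookbehind rejecting the pubkey- prefix.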