New Relic API Key
Detects New Relic user API keys (NRAK- prefix followed by 27 characters). A leaked key grants access to the New Relic GraphQL (NerdGraph) API and account telemetry.
- Type
- regex
- Engine
- universal
- Confidence
- high
- Confidence justification
- High confidence: the distinctive NRAK- prefix with a fixed 27-character body is highly specific to New Relic user API keys.
- Jurisdictions
- global
- Regulations
- Criminal Code Act 1995 (Cth)
- Frameworks
- CIS Controls, ISO 27001, NIST CSF, SOC 2
- Data categories
- credentials, security
- Scope
- narrow
- Risk rating
- 8
- Platform compatibility
- Purview: Compatible, GCP DLP: Unsupported, Macie: Unsupported, Zscaler: Compatible, Palo Alto: Unsupported, Netskope: Unsupported
Pattern
(?<![A-Za-z0-9])NRAK-[a-z0-9]{27}(?![A-Za-z0-9])Corroborative evidence keywords
new relic, newrelic, NerdGraph, api key, NEW_RELIC_API_KEY, user key, account id
Proximity: 300 characters
Should match
NRAK-abcdefghijklmnopqrstuvwxy12— New Relic user API key, NRAK- prefix + 27 charsNEW_RELIC_API_KEY=NRAK-0123456789abcdefghijklmnopq— Labelled New Relic key in an env assignmentNRAK-9z8y7x6w5v4u3t2s1r0q9p8o7n6— Another New Relic key body
Should not match
NRAK-abcdefghij— Too short to be a valid New Relic keyNRAA-abcdefghijklmnopqrstuvwxy12— Wrong prefix (NRAA- instead of NRAK-)paste your new relic user api key into the NerdGraph client— Prose mention without a token value
Known false positives
- Documentation or examples showing placeholder NRAK- strings. Mitigation: Require corroborative keywords and check for placeholder markers (example, xxxx).