Pinecone API Key

Detects Pinecone API keys in both current live formats: pcsk_ (the dominant format issued by the Pinecone console, CLI, and SDK key-creation flows) and pckey_ (the Enterprise-plan Admin API variant, format pckey_<public-label>_<unique-key>). A leaked key grants unauthorized access to a Pinecone vector database, including any embeddings or vectorised source data it stores.

Type
regex
Engine
universal
Confidence
high
Confidence justification
High confidence: both prefixes are multiply attested. pcsk_ is the dominant live format -- shown in Pinecone's own CLI reference and AGENTS-JAVASCRIPT doc examples, called out in Pinecone's official skills repo contributor guide as the real key shape that security linters flag, and pinned to an exact body structure (5-6 alnum label + 63 alnum secret) by TruffleHog's production detector. pckey_ is explicitly documented on Pinecone's Admin API reference (Enterprise-plan key-creation endpoint). Pinecone is also a confirmed GitHub secret-scanning partner (pinecone_api_key). Older, pre-pcsk_ Pinecone keys (bare UUIDs) are not covered -- documented as a scope limitation rather than invented as an additional format.
Jurisdictions
global
Regulations
Criminal Code Act 1995 (Cth)
Frameworks
CIS Controls, ISO 27001, NIST CSF, SOC 2
Data categories
credentials, security
Scope
narrow
Risk rating
9
Platform compatibility
Purview: Compatible, GCP DLP: Unsupported, Macie: Unsupported, Zscaler: Compatible, Palo Alto: Unsupported, Netskope: Unsupported

Pattern

(?<![A-Za-z0-9_])(?:pcsk_[A-Za-z0-9]{5,6}_[A-Za-z0-9]{63}|pckey_[A-Za-z0-9_-]{10,100})(?![A-Za-z0-9_-])

Corroborative evidence keywords

pinecone, pinecone.io, PINECONE_API_KEY, vector database, api key, api_key, apikey, access key, access token, auth token, authorization, bearer, conn str, connection string, connectionstring, cookie, credential, database, host, [object Object] (+37 more)

Proximity: 300 characters

Should match

Should not match

Known false positives

References