PKCS#8 Private Key Header
Detects PKCS#8 private key PEM headers in source code, configuration files, and documents. Private keys should never appear in plaintext.
- Type: regex
- Engine: universal
- Confidence: high
- Confidence justification: High confidence: structurally constrained pattern with corroborative keyword support reduces false positive rates significantly. Added context gating and exclusion rules improve precision and reduce incidental matches.
- Detection quality: Verified
- Jurisdictions: global
- Regulations: Criminal Code Act 1995 (Cth)
- Frameworks: CIS Controls, ISO 27001, NIST CSF, PCI-DSS, SOC 2
- Data categories: credentials, security
- Scope: specific
- Platform compatibility: Purview: Compatible, GCP DLP: Compatible, Macie: Compatible, Zscaler: Compatible, Palo Alto: Compatible, Netskope: Compatible
Pattern
-----BEGIN PRIVATE KEY-----
Corroborative evidence keywords
private key, secret key, key file, PEM, certificate, RSA, cryptographic, api key, api_key, apikey, access key, access token, auth token, authorization, bearer, conn str, connection string, connectionstring, cookie, credential (+42 more)
Proximity: 300 characters
Should match
- -----BEGIN PRIVATE KEY----- (PKCS#8 private key PEM header)
- -----BEGIN PRIVATE KEY----- MIIE... (PKCS#8 key with data following header)
- -----BEGIN PRIVATE KEY----- Proc-Type: (Encrypted PKCS#8 private key header)
Should not match
- -----BEGIN PUBLIC KEY----- (Public key, not private)
- -----BEGIN CERTIFICATE----- (Certificate, not private key)
- template example placeholder record identifier (Template/sample context should be excluded even when anchor words are present)
Known false positives
- PEM-encoded certificates or public keys that use similar header formats.
  Mitigation: The pattern specifically matches the private key header text, but verify the full PEM block contains actual key material.
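
The checks this entry describes (header match, corroborative keywords within 300 characters, template exclusion, and the key-material verification from the mitigation), as an added example that is not the catalogue's own engine. The keyword tuple is a subset of the list above; the exclusion words, the DER heuristic, and all sample inputs are assumptions constructed for illustration.

```python
import base64
import re

HEADER = re.compile(r"-----BEGIN PRIVATE KEY-----")          # pattern from the page
FOOTER = "-----END PRIVATE KEY-----"
KEYWORDS = ("private key", "secret key", "key file", "pem", "rsa")  # subset of the page's list
EXCLUDE = ("template", "example", "placeholder")  # assumed exclusion words
PROXIMITY = 300                                    # characters, from the page

def has_key_material(body):
    """Heuristic: body is base64 for a DER SEQUENCE whose first element is an INTEGER."""
    try:
        der = base64.b64decode("".join(body.split()), validate=True)
    except ValueError:
        return False
    if len(der) < 4 or der[0] != 0x30:
        return False
    off = 2 + (der[1] & 0x7F if der[1] & 0x80 else 0)  # skip short or long form length
    return off < len(der) and der[off] == 0x02

def scan(text):
    """Return one finding per header, with the context checks evaluated separately."""
    findings = []
    for m in HEADER.finditer(text):
        foot = text.find(FOOTER, m.end())
        body = text[m.end():foot] if foot != -1 else ""
        after = foot + len(FOOTER) if foot != -1 else m.end()
        # Context excludes the PEM block itself, whose header and footer contain "private key".
        ctx = (text[max(0, m.start() - PROXIMITY):m.start()] + " "
               + text[after:after + PROXIMITY]).lower()
        findings.append({
            "offset": m.start(),
            "corroborated": any(k in ctx for k in KEYWORDS),
            "excluded": any(w in ctx for w in EXCLUDE),
            "key_material": has_key_material(body),
        })
    return findings

# Constructed input: 45 bytes shaped like the start of a PKCS#8 structure, not a real key.
FAKE_DER = bytes([0x30, 0x2B, 0x02, 0x01, 0x00]) + bytes(40)
LEAKED = ("# deploy key file for the build host\n-----BEGIN PRIVATE KEY-----\n"
          + base64.b64encode(FAKE_DER).decode() + "\n" + FOOTER + "\n")
DOC = "Template example: paste your key after -----BEGIN PRIVATE KEY----- in the form.\n"
PUBLIC = "-----BEGIN PUBLIC KEY-----\nAAAA\n-----END PUBLIC KEY-----\n"

if __name__ == "__main__":
    for name, sample in (("leaked", LEAKED), ("doc", DOC), ("public", PUBLIC)):
        print(name, scan(sample))
```

A header with no decodable body, as in the documentation sample, is reported with key_material set to False so a reviewer can triage it below a finding that carries a full block.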