RubyGems API Key

Name: RubyGems API Key
Creator: TestPattern Community
License: https://opensource.org/licenses/MIT

Detects RubyGems.org API keys (rubygems_ prefix), used to push gems. A leaked key lets an attacker publish or yank gems under the owner's account.

Type: regex
Engine: universal
Confidence: high
Confidence justification: High confidence: the rubygems_ prefix with a fixed 48-character hexadecimal body is highly specific to RubyGems.org API keys.
Jurisdictions: global
Regulations: Criminal Code Act 1995 (Cth)
Frameworks: CIS Controls, ISO 27001, NIST CSF, SOC 2
Data categories: credentials, security
Scope: narrow
Risk rating: 8
Platform compatibility: Purview: Compatible, GCP DLP: Unsupported, Macie: Unsupported, Zscaler: Compatible, Palo Alto: Unsupported, Netskope: Unsupported

Pattern

(?<![A-Za-z0-9_])rubygems_[a-f0-9]{48}(?![A-Za-z0-9])

rubygems, rubygems.org, gem push, api key, RUBYGEMS_API_KEY, credentials, bundler

Proximity: 300 characters

rubygems_abcdef0123456789abcdef0123456789abcdef0123456789 — RubyGems API key, rubygems_ prefix + 48 hex chars
RUBYGEMS_API_KEY=rubygems_0123456789abcdef0123456789abcdef0123456789abcdef — Labelled RubyGems key in an env assignment
rubygems_fedcba9876543210fedcba9876543210fedcba9876543210 — Another RubyGems key body

rubygems_abcdef0123456789abcdef — Too short to be a valid RubyGems key
rubygems_ghijkl0123456789abcdef0123456789abcdef0123456789 — Non-hex characters in body (g-l are not hex)
run gem push after setting your rubygems.org api key — Prose mention without a token value

Documentation or examples showing placeholder rubygems_ strings. Mitigation: Require corroborative keywords and check for placeholder markers (example, xxxx).