PINECONE detector #4641
Description
Description
Please add a Pinecone API key detector for TruffleHog.
Pinecone API keys are used to authenticate against Pinecone’s vector database service. These keys commonly appear in env files, CI logs, or application configs under names like
PINECONE_API_KEY.
Preferred Solution
Add a detector for Pinecone API keys with:
- Pattern-based detection for the key prefix pcsk_.
- Validation (if feasible) via a lightweight API call to Pinecone to confirm key authenticity.
- Clear metadata output (detector name, key type, and reference docs).
Example (do not use real keys):
PINECONE_API_KEY=pcsk_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Additional example config line:
PINECONE_INDEX=btfn-chatbot
Additional Context
Observed format:
- Pinecone API keys appear to start with pcsk_ followed by a long URL-safe token.
- Typical length: 60–80+ characters after pcsk_ (varies; should be flexible).
Suggested validation (if possible):
- Likely via Pinecone REST API (e.g., list indexes or describe a project).
- If validation isn’t feasible without a dedicated endpoint, fallback to pattern-only detection.
References
- Pinecone docs: https://docs.pinecone.io/docs/authentication