Skip to content

feat: add JumpCloud API key v2 detector (jca_ prefix)#4626

Open
rootranjan wants to merge 1 commit intotrufflesecurity:mainfrom
rootranjan:feat/jumpcloud-v2-detector
Open

feat: add JumpCloud API key v2 detector (jca_ prefix)#4626
rootranjan wants to merge 1 commit intotrufflesecurity:mainfrom
rootranjan:feat/jumpcloud-v2-detector

Conversation

@rootranjan
Copy link
Copy Markdown

@rootranjan rootranjan commented Dec 30, 2025

Closes #4624

Description:

JumpCloud has introduced a new API key format with a jca_ prefix. This PR adds a v2 detector to support this new format.

Changes:

  • Add v2 detector for modern JumpCloud API keys (40 chars total: jca_ + 36 alphanumeric)
  • Include false positive filtering (only digits/letters, sequential patterns)
  • Add entropy check (threshold 3.0)
  • Move existing detector to v1 with Versioner interface
  • Both versions share same DetectorType but report version in ExtraData

Key Format:

  • Prefix: jca_
  • Pattern: jca_[a-zA-Z0-9]{36}
  • Total length: 40 characters

Checklist:

  • Tests passing (make test-community)?
  • Lint passing (make lint)?

@rootranjan rootranjan requested a review from a team December 30, 2025 04:39
@rootranjan rootranjan requested a review from a team as a code owner December 30, 2025 04:39
@CLAassistant
Copy link
Copy Markdown

CLAassistant commented Dec 30, 2025
edited
Loading

CLA assistant check
All committers have signed the CLA.

@rootranjan rootranjan marked this pull request as draft December 30, 2025 04:44
@rootranjan rootranjan force-pushed the feat/jumpcloud-v2-detector branch from 77f7806 to 7a3da74 Compare December 30, 2025 05:05
@rootranjan
feat: add JumpCloud API key v2 detector (jca_ prefix)
0a3c405 
- Add v2 detector for modern JumpCloud API keys (40 chars total: jca_ + 36)
- Include false positive filtering (only digits/letters, sequential patterns)
- Add entropy check (threshold 3.0)
- Move existing detector to v1 with Versioner interface
- Both versions share same DetectorType but report version in ExtraData
@rootranjan rootranjan force-pushed the feat/jumpcloud-v2-detector branch from 7a3da74 to 0a3c405 Compare December 30, 2025 05:13
@rootranjan rootranjan marked this pull request as ready for review December 30, 2025 05:13
shahzadhaider1
shahzadhaider1 reviewed Dec 30, 2025
View reviewed changes
Comment thread pkg/detectors/jumpcloud/v2/jumpcloud.go

// JumpCloud API keys with jca_ prefix: jca_ + 36 alphanumeric characters (40 total)
// Example: jca_aBcDeFgHiJkLmNoPqRsTuVwXyZ123456
keyPat = regexp.MustCompile(`\bjca_([a-zA-Z0-9]{36})\b`)
Copy link
Copy Markdown
Contributor

@shahzadhaider1 shahzadhaider1 Dec 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you share the source/documentation of this?

This page says the new format is prefixed with jcc_ and the length is also greater that what you have added.

Copy link
Copy Markdown
Author

@rootranjan rootranjan Dec 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @shahzadhaider1,
I couldn’t find any official JumpCloud docs that specify the full format or length of the admin API key. The JumpCloud APIs help article only states that the admin API key is prefixed with jca_ (“You’ll receive an API key, it has the prefix jca_ before it…” in the Accessing Your API Key section).

The page you linked (Understand Changes to Connect Keys) describes the newer Connect key format, which is prefixed with jcc_ and is a Base64-encoded JSON blob used for agent enrollment, not the admin API key.

In this detector I’m targeting the jca_ admin API key and I’ve chosen the length/charset based on observed keys rather than a published spec. I’ve verified the pattern against valid keys and it matches the current format. If you’d like to double-check, you can follow the steps in the Accessing Your API Key section to generate a key and confirm it matches this pattern.

Copy link
Copy Markdown
Author

@rootranjan rootranjan Feb 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi,
Any update?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@shahzadhaider1 shahzadhaider1 shahzadhaider1 left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add JumpCloud API Key v2 detector (jca_ prefix format)

3 participants

@rootranjan @CLAassistant @shahzadhaider1