feat(config): add 5 Nigerian fintech & betting secret rules by @LloydCoder

LloydCoder · web-flow · commit 4ce7e3bbd83d · 2025-12-06T20:00:53.000+08:00
Appends high-signal rules to default config for detecting leaked credentials from major Nigerian platforms: • Paystack secret keys • Flutterwave/Rave keys • Remita merchant + hash • Interswitch MAC keys • SportyBet/BetKing tokens Same patterns shipped in: - Nuclei: projectdiscovery/nuclei-templates#14253 - TruffleHog: trufflesecurity/trufflehog#4588 - Semgrep: semgrep/semgrep-rules#3719 Author: @LloydCoder (Tinlance) 🇳🇬 Tested with `gitleaks detect --config .` — clean, no FPs on sample repos.
diff --git a/config/gitleaks.toml b/config/gitleaks.toml
@@ -3207,3 +3207,145 @@ description = "Detected a Zendesk Secret Key, risking unauthorized access to cus
 regex = '''(?i)[\w.-]{0,50}?(?:zendesk)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{40})(?:[\x60'"\s;]|\\[nr]|$)'''
 keywords = ["zendesk"]
 
+[[rules]]
+id = "lloydcoder-paystack-secret-key"
+description = "Paystack Secret Key (Live or Test) - Nigerian Fintech"
+regex = '''sk_(live|test)_[0-9a-zA-Z]{50,}'''
+secretGroup = 1
+keywords = [
+  "paystack",
+  "secret_key",
+  "sk_live",
+  "sk_test",
+]
+path = [
+  "*.toml",
+  "*.yaml",
+  "*.yml",
+  "*.json",
+  "*.js",
+  "*.ts",
+  "*.py",
+  "*.go",
+  "*.env",
+]
+tags = [
+  "secret",
+  "paystack",
+  "fintech",
+  "nigeria",
+]
+
+[[rules]]
+id = "lloydcoder-flutterwave-secret-key"
+description = "Flutterwave (Rave) Secret Key - Nigerian Fintech"
+regex = '''FLWSECK[_-]?[a-zA-Z0-9]{30,}'''
+secretGroup = 1
+keywords = [
+  "flutterwave",
+  "rave",
+  "flwseck",
+]
+path = [
+  "*.toml",
+  "*.yaml",
+  "*.yml",
+  "*.json",
+  "*.js",
+  "*.ts",
+  "*.py",
+  "*.go",
+  "*.env",
+]
+tags = [
+  "secret",
+  "flutterwave",
+  "fintech",
+  "nigeria",
+]
+
+[[rules]]
+id = "lloydcoder-remita-credentials"
+description = "Remita Merchant ID & API Key/Hash - Nigerian Billing"
+regex = '''\b\d{10,15}\|[a-zA-Z0-9]{40,}\b'''
+secretGroup = 1
+keywords = [
+  "remita",
+  "merchantId",
+  "apiKey",
+  "publicKey",
+]
+path = [
+  "*.toml",
+  "*.yaml",
+  "*.yml",
+  "*.json",
+  "*.js",
+  "*.ts",
+  "*.py",
+  "*.go",
+  "*.env",
+]
+tags = [
+  "credentials",
+  "remita",
+  "fintech",
+  "nigeria",
+]
+
+[[rules]]
+id = "lloydcoder-interswitch-mackey"
+description = "Interswitch Webpay MAC Key - Nigerian Payments"
+regex = '''macKey["']?\s*[:=]\s*["']?[0-9A-Fa-f]{64}["']?'''
+secretGroup = 1
+keywords = [
+  "interswitch",
+  "webpay",
+  "macKey",
+]
+path = [
+  "*.toml",
+  "*.yaml",
+  "*.yml",
+  "*.json",
+  "*.js",
+  "*.ts",
+  "*.py",
+  "*.go",
+  "*.env",
+]
+tags = [
+  "secret",
+  "interswitch",
+  "fintech",
+  "nigeria",
+]
+
+[[rules]]
+id = "lloydcoder-sportybet-token"
+description = "SportyBet/BetKing Admin or API Token - Nigerian Betting"
+regex = '''eyJ[A-Za-z0-9-_]{100,}'''
+secretGroup = 1
+keywords = [
+  "sportybet",
+  "betking",
+  "bet9ja",
+  "admin",
+  "api_token",
+]
+path = [
+  "*.toml",
+  "*.yaml",
+  "*.yml",
+  "*.json",
+  "*.js",
+  "*.ts",
+  "*.py",
+  "*.go",
+  "*.env",
+]
+tags = [
+  "token",
+  "betting",
+  "nigeria",
+]
