Add PubNub Secret Key (sec-c-) detector #5098

@santhoshpatturaj

Description

PubNub issues a secret key (`sec-c-` prefix) alongside publish and subscribe keys when Access Manager (PAM) is enabled. The secret key is used to sign API requests that grant or revoke channel access permissions. It is a high-value credential. Possession of the secret key allows full control over who can read or write to any channel on the account. TruffleHog currently detects PubNubPublishKey and PubNubSubscriptionKey but not the secret key.

Preferred Solution

Add a new `PubNubSecretKey` detector that matches the sec+pub+sub key triple and verifies credentials using the PAM v2 HMAC-SHA256 signed grant endpoint.

References

https://www.pubnub.com/docs/general/security/access-control
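
The triple-matching step proposed above, as an added example that is not part of the issue or TruffleHog's own code. The key shapes (UUID after `pub-c-`/`sub-c-`, 48 alphanumeric characters after `sec-c-`) and the names `Triple`, `FindTriples` and `unique` are assumptions; the signed-grant verification step is not shown.

```go
package main

import (
	"fmt"
	"regexp"
)

// Assumed key shapes (the issue states only the sec-c- prefix): pub-c-/sub-c-
// plus a UUID, sec-c- plus 48 alphanumeric characters.
var (
	uuidPat = `[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}`
	secRe   = regexp.MustCompile(`\bsec-c-[A-Za-z0-9]{48}\b`)
	pubRe   = regexp.MustCompile(`\bpub-c-` + uuidPat + `\b`)
	subRe   = regexp.MustCompile(`\bsub-c-` + uuidPat + `\b`)
)

// Triple is one candidate credential set to hand to a verifier.
type Triple struct{ Secret, Publish, Subscribe string }

// unique returns the distinct matches of re in s, in order of appearance.
func unique(re *regexp.Regexp, s string) (out []string) {
	seen := map[string]bool{}
	for _, m := range re.FindAllString(s, -1) {
		if !seen[m] {
			seen[m], out = true, append(out, m)
		}
	}
	return out
}

// FindTriples pairs each secret with every pub and sub key in the chunk; a lone secret yields nothing.
func FindTriples(text string) (out []Triple) {
	pubs, subs := unique(pubRe, text), unique(subRe, text)
	for _, sec := range unique(secRe, text) {
		for _, pub := range pubs {
			for _, sub := range subs {
				out = append(out, Triple{sec, pub, sub})
			}
		}
	}
	return out
}

// Constructed sample input; none of these keys are real.
var sample = "publishKey: pub-c-00000000-0000-4000-8000-000000000001\n" +
	"subscribeKey: sub-c-00000000-0000-4000-8000-000000000002\n" +
	"secretKey: sec-c-EXAMPLE0EXAMPLE0EXAMPLE0EXAMPLE0EXAMPLE0EXAMPLE0\n"

func main() { fmt.Println(len(FindTriples(sample)), "candidate triple(s)") }
```

Emitting the cross product means a file holding keys for several keysets produces several candidates, and only verification can tell which combination is live.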
