What is a regular expression to identify the AWS basic auth value in the repository for git-secret?


I want to identify the AWS basic auth from the files in a repository. For this I want to add a pattern for git-secret to scan the value for basic auth value in the repository.

I have tried with the below pattern:

git secrets --add '^\bBasic [A-Za-z0-9[!@#$%^&*(),.?":{}|<>=]{60}$'

patterns =  (\"|')?(Basic )[A-Za-z0-9\\+=]{60}(\"|')$

The script is as follows:

git secrets --add '^\bBasic [A-Za-z0-9[!@#$%^&*(),.?":{}|<>=]{60}$'
git secrets --add 'Basic [A-Za-z0-9!@#$%^&*(),.?":{}|<>=]{60}'

I expect the pattern to add for git-secret to identify the AWS basic auth value from the repository.

Here is an example of a basic auth value:

Basic aW5mQExampleauthvalueGlCeGUzeXk4UmMyT29HeFJOVFVEXAMPLEKEYS==

'Basic' + <space> + <60 characters>, then we should flag it. If it has less than 60, or more than 60, then it's not a valid string.



for git-secret

Actually, that regex, as proposed by Npok's answer, won't need git-secret much longer.

(Plus: Secret scanning’s push protection is available on public repositories, for free (May. 2023))

As of June 2021:

Secret scanning now supports user defined patterns on private repositories:

GitHub Advanced Security customers can now specify custom patterns for use in private repo secret scanning.

secret scanning -- https://docs.github.com/assets/images/help/repository/secret-scanning-create-custom-pattern.png

When a new pattern is specified, secret scanning searches a repository's entire git history for it, as well as any new commits.

User defined patterns are in beta on cloud and will be available on GHES next quarter.
They can be defined at the repository and organization level.

See:


And:

Secret scanning now push protects custom patterns (Dec. 2022)

Previously, GitHub Advanced Security customers could enable push protection for all patterns supported by default.

Now, admins can also enable push protection for any custom pattern defined at the repository or organization level.
Push protection for enterprise-level custom patterns will come in January.

https://i0.wp.com/user-images.githubusercontent.com/81782111/207498360-10037928-bd7b-4379-83db-16e234db4880.png?w=960&ssl=1 -- blocked custom pattern


Your pattern worked fine for me, you just missed one thing:

^(\"|')?Basic [A-Za-z0-9\\+=]{60}(\"|')?$

You forgot the last "?" for the second optional single or double quote.
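A worked check of that fix, added here as an example and not part of either answer: it runs the corrected pattern and the asker's version over a constructed set of lines (the 60-character value is the one from the question) and shows which lines each one flags, including the 59- and 61-character near misses the question wants rejected. The `scan_lines` helper and the sample lines are my own; git-secrets itself applies its patterns line by line through git grep, which is what the helper imitates.

```python
import re

# Pattern from the answer above: the final "?" makes the closing quote
# optional, so an unquoted value on its own line still matches.
CORRECTED = r"^(\"|')?Basic [A-Za-z0-9\\+=]{60}(\"|')?$"

# The asker's version: the closing quote is mandatory, so a bare value fails.
ORIGINAL = r"^(\"|')?Basic [A-Za-z0-9\\+=]{60}(\"|')$"


def scan_lines(lines, pattern=CORRECTED):
    """Return the 1-based numbers of the lines that match `pattern`,
    the way a line-oriented grep would report them (helper written for
    this example, not part of git-secrets)."""
    rx = re.compile(pattern)
    return [i for i, line in enumerate(lines, start=1) if rx.search(line)]


# Constructed sample "file": one candidate per line.
VALUE_60 = "aW5mQExampleauthvalueGlCeGUzeXk4UmMyT29HeFJOVFVEXAMPLEKEYS=="

SAMPLE = [
    "Basic " + VALUE_60,                 # 1: bare value, exactly 60 chars
    '"Basic ' + VALUE_60 + '"',          # 2: double-quoted
    "'Basic " + VALUE_60 + "'",          # 3: single-quoted
    "Basic " + VALUE_60[:-1],            # 4: 59 chars, must not flag
    "Basic " + VALUE_60 + "A",           # 5: 61 chars, must not flag
    "Authorization: Basic " + VALUE_60,  # 6: not at line start, "^" rejects it
    "basic " + VALUE_60,                 # 7: wrong case on the prefix
]

if __name__ == "__main__":
    print("corrected pattern flags lines:", scan_lines(SAMPLE))            # [1, 2, 3]
    print("asker's pattern flags lines:  ", scan_lines(SAMPLE, ORIGINAL))  # [2, 3]
```

Line 6 is the caveat worth keeping in mind when you adopt this pattern: because it is anchored with `^` and `$`, a value embedded in a longer line (an `Authorization:` header in a config file, for instance) is not reported. If that is a case you care about, drop the anchors or replace them with `\b` word boundaries, at the cost of a few more false positives.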