The CloudSmith entitlement token isn't detected as the secret

[alexku7]

Hello
The cloudsmith entitlement token isn't detected.

Honestly speaking it's a bit tricky to detect. The token is relatively short without clear identifier , for example
DqhyrhnfAOky.

Any chance to add it anyway do the detection engine ?

[pierrelalanne]

Hello @alexku7,
I had a look at Cloudsmith's documentation, but would you have more details about this kind of token ?
What is the length range ? What charset is involved ? Would you have a code snippet demonstrating how this token is supposed to be used ?
This will greatly help us assess if we can support this kind of token.
Thanks.

[alexku7]

Hello @pierrelalanne

Usually the token appears in the URL , for example https://dl.cloudsmith.io/{ENTITLEMENT_TOKEN}/satori/pytori/python/simple/
The URL represents some location where we should download some package ( in this case some python package stored in the cloudsmith repo)

The {ENTITLEMENT_TOKEN}. is a random string for example C4dyQKtkHBgCrqsp

But the problem that the token can be any random string or number with various length.

So , probably the best way to detect it is to search it as part of the cloudsmith.io URL