← all rules
secret/gcp-service-account
GCP Service Account Private Key
What it detects
Google Cloud service account JSON private key. Often grants broad project access.
How it runs
Run against every text file in the repo (with a binary-content filter and a `.repoguardignore` filter for fixtures). The matched value is masked before being persisted.
Found a false positive or want this rule tuned? File an issue. You can also suppress per-repo via a .repoguardignore line.