Securityflags: g

Stripe API Key

Match Stripe API keys: secret (sk_), publishable (pk_), or restricted (rk_), in test or live mode.

Try it in RegexPro →

Available in

JSSupported

JavaScript / ECMAScript

Browser-native RegExp. Default if you don't pick.

PYSupported

Python (re)

CPython stdlib `re`. Unicode-aware `\w` and `\d` by default.

GOSupported

Go (RE2)

Linear-time matching. No backreferences or lookarounds.

Pattern

regexengine-agnostic

(?:sk|pk|rk)_(?:test|live)_[A-Za-z0-9]{24,}   (flags: g)

Raw source: (?:sk|pk|rk)_(?:test|live)_[A-Za-z0-9]{24,}

How it works

(?:sk|pk|rk) matches one of the three key types. _(?:test|live)_ matches the mode separator. [A-Za-z0-9]{24,} matches the random suffix — Stripe's keys are at least 24 characters, sometimes longer for restricted keys. The pattern catches keys exposed in source code, logs, or chat transcripts.

Examples

Input

Use sk_live_4eC39HqLyjWDarjtT1zdp7dc for prod

Matches

sk_live_4eC39HqLyjWDarjtT1zdp7dc

Input

Public: pk_test_TYooMQauvdEDq54NiTphI7jx

Matches

pk_test_TYooMQauvdEDq54NiTphI7jx

Input

no keys here

No match

—

Common use cases

•Pre-commit secret-scanning hooks
•Log redaction pipelines
•Incident response: searching backups for leaked keys
•CI security audits

←PreviousSSH Public Key

All patterns

NextMongoDB Connection URI→