Create custom risk types

You can define a custom risk type that CLI will recognize. It can be a secret (e.g. an API token), a PII (Personal Identifying Information), or NIL (Non-Inclusive Language).

File format

Custom risk type is defined in an YAML file.

Example

The following file detects GitLab PAT token:

regex:
  value: glpat-[a-zA-Z0-9\-_]{20}
type: gitlab_personal_access_token
category: secret
description: GitLab personal access token
precedence: strong_pattern

Field descriptions

Field	Description
value	specifies a regular expression to match the risk. Vault Radar supports golang stype regular expressions as well as PCRE
type	Unique identifier for the risk type. While there are no restrictions on the actual value, the best practice is to keep it to lower-case letters and underscore only
category	Risk category. Must be one of `secret`, `pii`, or `nil`
description	Human friendly description of the risk type.
precedence	This is internal to Vault Radar, use `strong_pattern` for all custom risk types.

Location

CLI loads .yaml files from $HOME/.hashicorp/vault-radar/custom_patterns folder.

Examples

Here are examples of custom risk definitions.

Non-Inclusive Language:

regex:
  value: (?i)whitelist
type: nil_whitelist
category: nil
description: Non-inclusive Language - Whitelist
precedence: strong_pattern

PII:

regex:
  value: \b((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\b
type: pii_ipv4
category: pii
description: PII - IPv4
precedence: strong_pattern