Description
In our terraform infrastructure code, gitleaks does find instances like

```hcl
service_key = "something-matching-generic-api-key-rule"
```

but it has been missing the same keys when written as a ternary expression:

```hcl
service_key = local.environment == "production" ? "something-matching-generic-api-key-rule1" : "something-matching-generic-api-key-rule2"
```
Describe the solution you'd like
The generic-api-key should match even when a ternary expression is used. I tried to patch the regex to include an arbitrary part after the assignment operator (`(?i)(?:key|api|token|secret|client|passwd|password|auth|access)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:.*)(?:'|\"|\s|=|\x60){0,5}([0-9a-z\-_.=]{10,150})(?:['|\"|\n|\r|\s|\x60|;]|$)`), and while the pattern is then matching on the command line using e.g. ripgrep, editing the generic-api-key rule pattern in `.gitleaks.toml` does not work.
Describe alternatives you've considered
- Adding a specific rule for matching the format of our API keys (it's for posthog). The following pattern finds both keys in the ternary construct:

  ```toml
  [[rules]]
  id = "posthog-api-key"
  description = "Uncovered a PostHog API key, which could lead to unauthorized access to PostHog and data breaches."
  regex = '''\b(phc_[\w-]{43})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
  entropy = 3
  keywords = ["phc_"]
  ```

- Rewriting the conditional in terraform. Using ternary expressions in terraform is idiomatic and other constructs (like declaring the values first and then referencing them in the ternary expression) are complicated and would be a workaround. See https://developer.hashicorp.com/terraform/language/expressions/conditionals
cc @zricethezav
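To see what each pattern in this issue actually captures, here is a small Go program, added as an example here and not part of the issue or of the gitleaks code base. It runs the three regexes through Go's `regexp` package, which is the engine gitleaks uses, over two constructed Terraform lines holding fake `phc_` keys. Assumptions, all labelled in the code as well: the shipped generic-api-key regex is the patched pattern from the issue with the `(?:.*)` deleted; that rule's entropy threshold is 3.5 (the default config as I know it; verify against your gitleaks version); and, as in gitleaks, matches are taken non-overlapping and the entropy is computed over capture group 1. The run shows three things. On the ternary line the generic rule matches once, capturing `local.environment` (entropy about 3.45, under the threshold), and scanning resumes after that match, where no further keyword occurs, so the quoted values are never reached. The `(?:.*)` insertion is worse rather than better: greedy backtracking leaves a 10-character capture even on the plain assignment, and no 10-character string can reach an entropy of 3.5 (the maximum is log2(10), about 3.32), which is consistent with the pattern matching lines in ripgrep while changing nothing in gitleaks' output. The dedicated `phc_` rule reports both keys.

```go
package main

import (
	"fmt"
	"math"
	"regexp"
)

// Patterns under discussion. genericAPIKey is the issue's patched pattern with
// the inserted `(?:.*)` removed, which I assume is the rule gitleaks shipped at
// the time; genericAPIKeyPatched is the patched pattern quoted in the issue;
// posthogAPIKey is the dedicated rule proposed as an alternative.
const (
	genericAPIKey        = `(?i)(?:key|api|token|secret|client|passwd|password|auth|access)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-z\-_.=]{10,150})(?:['|\"|\n|\r|\s|\x60|;]|$)`
	genericAPIKeyPatched = `(?i)(?:key|api|token|secret|client|passwd|password|auth|access)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:.*)(?:'|\"|\s|=|\x60){0,5}([0-9a-z\-_.=]{10,150})(?:['|\"|\n|\r|\s|\x60|;]|$)`
	posthogAPIKey        = `\b(phc_[\w-]{43})(?:['|\"|\n|\r|\s|\x60|;]|$)`
)

// Entropy thresholds: 3.5 is what I assume the generic-api-key rule uses in the
// default gitleaks config (check your version); 3 comes from the posthog rule.
const (
	genericEntropy = 3.5
	posthogEntropy = 3
)

// Constructed sample input. Both keys are fake; they follow the phc_ + 43 chars
// shape of the posthog rule so the regexes have realistic values to work on,
// and none of the generic rule's keywords occurs inside them.
const (
	keyProd  = "phc_a1B2c3D4e5F6g7H8i9J0kLmNoPqRsTuVwXyZ0123456"
	keyStage = "phc_zY9xW8vU7tS6rQ5pO4nM3lK2jI1hG0fEdCbA9876543"
)

var (
	plainLine   = `service_key = "` + keyProd + `"`
	ternaryLine = `service_key = local.environment == "production" ? "` + keyProd + `" : "` + keyStage + `"`
)

// shannonEntropy is the bits-per-character estimate that an `entropy` setting
// on a gitleaks rule is compared against.
func shannonEntropy(s string) float64 {
	if s == "" {
		return 0
	}
	counts := map[rune]int{}
	for _, r := range s {
		counts[r]++
	}
	n := float64(len([]rune(s)))
	h := 0.0
	for _, c := range counts {
		p := float64(c) / n
		h -= p * math.Log2(p)
	}
	return h
}

// secrets returns capture group 1 of every non-overlapping match of pattern in
// line, the way gitleaks walks a fragment with FindAll semantics (assumption:
// group 1 is the rule's secret group).
func secrets(pattern, line string) []string {
	re := regexp.MustCompile(pattern)
	var out []string
	for _, m := range re.FindAllStringSubmatch(line, -1) {
		out = append(out, m[1])
	}
	return out
}

// survivingSecrets drops captures whose entropy is below threshold, which is
// what the rule's entropy setting does to candidate findings.
func survivingSecrets(pattern, line string, threshold float64) []string {
	var out []string
	for _, s := range secrets(pattern, line) {
		if shannonEntropy(s) >= threshold {
			out = append(out, s)
		}
	}
	return out
}

func main() {
	cases := []struct {
		name, pattern, line string
		threshold           float64
	}{
		{"generic-api-key, plain assignment", genericAPIKey, plainLine, genericEntropy},
		{"generic-api-key, ternary", genericAPIKey, ternaryLine, genericEntropy},
		{"patched generic-api-key, plain assignment", genericAPIKeyPatched, plainLine, genericEntropy},
		{"patched generic-api-key, ternary", genericAPIKeyPatched, ternaryLine, genericEntropy},
		{"posthog-api-key, ternary", posthogAPIKey, ternaryLine, posthogEntropy},
	}
	for _, c := range cases {
		fmt.Println(c.name)
		for _, s := range secrets(c.pattern, c.line) {
			h := shannonEntropy(s)
			fmt.Printf("  capture %q entropy %.2f reported=%v\n", s, h, h >= c.threshold)
		}
	}
}
```

`go run` prints one line per capture with its entropy and whether it would survive the threshold; the generic rule yields `local.environment` on the ternary and the patched rule yields only the last ten characters of a key, while the posthog rule yields both full keys.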