# True-Positive fixtures: known secret-shape patterns — must BLOCK
# Provenance: patterns sourced from GitHub secret scanning pattern documentation,
# AWS IAM identifier reference, detect-secrets v1.4 (IBM, MIT license),
# TruffleHog v2 design (Cornwell 2019), RFC 7519, OpenSSH PROTOCOL.key.
#
# INVARIANT: No real credential values. All values use placeholder patterns that
# match the regex but are clearly test material. Pattern style: AKIA[A-Z0-9]{16}
# approach — structurally valid shapes with obviously non-real content.
# Source for this approach: GitHub secret scanning docs recommend test-value patterns
# for CI fixture use. https://docs.github.com/en/code-security/secret-scanning

# AWS Access Key IDs (AKIA prefix + 16 uppercase alphanum)
# Source: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html
export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
AWS_ACCESS_KEY_ID=AKIAJEXAMPLEKEYID00A
config["aws_key"] = "AKIAIOSFODNN7TESTKEY"
export AWS_KEY=AKIAT3P2IQFEXAMPLEK1

# AWS Secret Access Keys (40-char base64 following key-named variable)
# Source: detect-secrets v1.4 AWSKeyDetector class pattern
aws_secret_access_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
AWS_SECRET_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
secret_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"

# GitHub Personal Access Tokens (ghp_ + 36 chars)
# Source: https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/about-authentication-to-github
token: ghp_aBcDeFgHiJkLmNoPqRsTuVwXyZ123456789A
GITHUB_TOKEN=gho_16C7e42F292c6912E7710c838347Ae178B4a
GITHUB_TOKEN=ghu_16C7e42F292c6912E7710c838347Ae178B4a
GITHUB_TOKEN=ghs_16C7e42F292c6912E7710c838347Ae178B4a

# PEM private key headers
# Source: RFC 7468 https://www.rfc-editor.org/rfc/rfc7468
-----BEGIN RSA PRIVATE KEY-----
-----BEGIN EC PRIVATE KEY-----
-----BEGIN PRIVATE KEY-----
-----BEGIN OPENSSH PRIVATE KEY-----

# JSON Web Token (three base64url segments)
# Source: RFC 7519 §3.1 https://www.rfc-editor.org/rfc/rfc7519
Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJURVNUUExBQ0VIT0xERVJub3RyZWFsIn0.TESTPLACEHOLDERnotarealJWTsignatureAAAAA
jwt = "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJURVNUUExBQ0VIT0xERVJub3RyZWFsIn0.TESTPLACEHOLDERnotarealRS256signatureAAA"

# Slack tokens
# Source: https://api.slack.com/authentication/token-types
SLACK_BOT_TOKEN=xoxb-TEST-TEST-TESTPLACEHOLDER_notreal
SLACK_USER_TOKEN=xoxp-TEST-TEST-TESTPLACEHOLDER_notreal
SLACK_APP_TOKEN=xoxo-TEST-TEST-TESTPLACEHOLDER_notreal

# Stripe keys
# Source: https://stripe.com/docs/keys
stripe_key = FIXTURE_sk_live_TESTPLACEHOLDERnotrealAAAAA
STRIPE_PUBLIC_KEY = FIXTURE_pk_live_TESTPLACEHOLDERnotrealAAAAA
stripe_test = FIXTURE_sk_test_TESTPLACEHOLDERnotrealAAAAA

# GCP service account JSON marker
# Source: https://cloud.google.com/iam/docs/creating-managing-service-account-keys
{"type": "service_account","project_id": "myproject","private_key_id": "key123"}
{ "type": "service_account", "project_id": "example-project" }

# Azure connection string with AccountKey
# Source: https://learn.microsoft.com/en-us/azure/storage/common/storage-configure-connection-string
DefaultEndpointsProtocol=https;AccountName=myaccount;AccountKey=TESTPLACEHOLDERnotrealfixturevalueusedonlyinPIIscannerregextestsAAAAAAAAAAAAAAAAAAAA====;EndpointSuffix=core.windows.net

# Generic API key assignments with high-entropy values
# H > 4.5 bits/char (raised threshold). Values below are randomly-shaped test strings.
# Source for entropy threshold: TruffleHog v3 default 4.5 bits/char (Cornwell 2019 updated design).
api_key = "sK3mP9vQwR7xN2yL8dF4hJ6tU0bA5cE1gI"
secret_key = "mN7kP2rQ9wX4vL8yF3hJ6tU0bA5cE1gI2d"
auth_token = "pQ8mN3kR7wX2vL9yF4hJ5tU0bA6cE1gI3d"
access_token = "rQ9mN4kP8wX3vL7yF2hJ5tU0bA6cE1gI4d"
bearer_token = "sQ7mN5kR8wX4vL6yF3hJ2tU0bA9cE1gI5d"
api_key="wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLE"
API_KEY = 'tK8mP4vQwR9xN3yL7dF2hJ6tU0bA5cE1gI'

# US SSN with valid area/group/serial (non-excluded prefixes, non-test patterns)
# Source: SSA Publication No. 05-10002 assignment rules
ssn: 078-05-1120
customer_ssn: 457-55-5462
user.ssn = "547-77-8765"
patient_ssn: 234-56-7890

# US phone numbers in valid NANP format (non-555-01xx, non-fictional ranges)
# Source: NANPA assignment, ATIS-0300114
phone: +1 (617) 867-5309
contact: 617-867-5309
tel: (312) 782-4321
phone = "+1-408-763-9876"
user_phone: 415-921-2671
