Extend detection for Azure Personal Access Token
Problem to solve
GitLab Secret Detection failed to detect an Azure Personal Access Token that was stored in a gradle.properties file in the format vstsMavenAccessToken=<84-character-alphanumeric-string>. Gitleaks successfully detected this same token using its generic-api-key rule, creating a detection gap.
Customer Context: GitLab Dedicated customer Zendesk ticket #676465 reported this gap and requested parity with Gitleaks detection capabilities.
Intended users
Customers requiring parity in secret detection coverage with Gitleaks
User experience goal
Users should be able to detect Azure Personal Access Tokens regardless of how they are stored (environment variables, configuration files, property files, etc.), achieving parity with Gitleaks detection.
Proposal
Enhance GitLab Secret Detection to identify Azure Personal Access Tokens when stored in property file format (e.g., vstsMavenAccessToken=<token-value>).
Specific case:
- Token format: vstsMavenAccessToken=<84-character-alphanumeric-string>
- File type: gradle.properties (and potentially other property files)
- Current status: Not detected by GitLab Secret Detection
- Gitleaks status: Detected via generic-api-key rule
Implementation approach:
- Review and enhance existing Azure Personal Access Token detection rule (added in v0.16.0)
- Extend pattern matching to cover property file format assignments
- Consider context-aware detection to reduce false positives
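As an added illustration of the approach above (this is not GitLab's or Gitleaks' actual rule definition, and the key names, sample file and tokens are constructed for the example), the following Python scanner matches a property-file assignment whose key mentions vsts/azure and whose value is exactly 84 alphanumeric characters. It goes slightly beyond the reported case by also accepting `key: value` syntax and quoted values, and it uses the key name as context so that an unrelated 84-character value is not flagged:

```python
import re
from dataclasses import dataclass

# Hypothetical rule for illustration (not GitLab's or Gitleaks' rule):
# "key=value" or "key: value" where the key mentions vsts/azure and the value
# is exactly 84 alphanumeric characters, optionally wrapped in matching quotes.
_KEY = r"(?P<key>[A-Za-z0-9_.-]*(?:vsts|azure)[A-Za-z0-9_.-]*)"
_VALUE = r"(?P<q>[\"']?)(?P<token>[A-Za-z0-9]{84})(?P=q)"
AZURE_PAT_PROPERTY = re.compile(
    r"^\s*" + _KEY + r"\s*[=:]\s*" + _VALUE + r"\s*$", re.IGNORECASE
)


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    key: str
    redacted: str  # reports and logs carry a redacted form, never the full secret


def redact(token: str) -> str:
    """Keep just enough of the value to correlate a finding, not to reuse it."""
    return token[:4] + "..." + token[-2:]


def scan_properties(path: str, content: str) -> list[Finding]:
    """Scan property-file text line by line and return matching assignments."""
    findings = []
    for lineno, line in enumerate(content.splitlines(), start=1):
        m = AZURE_PAT_PROPERTY.match(line)
        if m:
            findings.append(
                Finding(path, lineno, m.group("key"), redact(m.group("token")))
            )
    return findings


# Constructed sample tokens: 84 alphanumeric characters each, not real credentials.
TOKEN_A = ("A1b2C3d4" * 11)[:84]
TOKEN_B = ("zZ9y8X7w" * 11)[:84]

# Constructed gradle.properties content: two hits (lines 2 and 3), one value that
# is too short (line 4), and one 84-char value under a key without vsts/azure
# context (line 5), which the context-aware rule deliberately leaves alone.
SAMPLE_GRADLE_PROPERTIES = f"""\
org.gradle.jvmargs=-Xmx2g
vstsMavenAccessToken={TOKEN_A}
azure.devops.pat = "{TOKEN_B}"
vstsMavenAccessToken=notAnEightyFourCharToken
buildCacheKey={TOKEN_B}
"""

if __name__ == "__main__":
    for f in scan_properties("gradle.properties", SAMPLE_GRADLE_PROPERTIES):
        print(f"{f.path}:{f.line} key={f.key} token={f.redacted}")
```

The trade-off is visible in the sample: requiring vsts/azure in the key keeps `buildCacheKey` out of the results, which is the kind of false-positive reduction the proposal mentions, but it would also miss a token stored under a key that carries no such context, which is where a broader generic rule (as in Gitleaks) still has a role.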
Related issues
- #570035 - Secret Detection: Support for Customer requested Rules (includes Azure PAT support)
- #560060 - Introduce 100+ new patterns to our default ruleset
- #551396 - Explore creating a registry for secret detection rules