Custom Patterns

Azath detects 100+ types of secrets out of the box. Define your own custom patterns for organization-specific secrets.


Pattern Categories

Built-in patterns cover 12 major categories:

AI/ML

OpenAI, Anthropic, Google AI, Hugging Face

Cloud Providers

AWS, Azure, GCP credentials

Authentication

JWT, OAuth, Bearer tokens

Payments

Stripe, PayPal, Square

Communication

Twilio, SendGrid, Slack

Databases

PostgreSQL, MySQL, MongoDB, Redis

AI Semantic Detection

Beyond regex patterns, Azath offers AI-powered semantic detection with the -ai flag. The AI understands context, variable entropy, and intent to catch secrets that traditional patterns miss.

# Enable AI semantic detection
azath scan -ai

# AI deep scan
azath scan-all --ai

What AI Detection Catches

  • Novel secret formats not in pattern databases
  • Obfuscated or encoded credentials
  • Semantic patterns: variables like password, api_key assigned hardcoded values
  • High entropy strings in suspicious contexts
  • Context-aware false positive reduction

Pro Tip: Use standard regex mode for fast pre-commit hooks, and AI mode for CI/CD pipelines and deep audits. See AI-Powered Scan for details.

Defining Custom Patterns

Add custom patterns to your azath.yaml:

custom_patterns:
  - name: "Internal API Key"
    regex: "company_[a-zA-Z0-9]{32}"
    description: "Internal company API key detected"
    severity: "high"
    
  - name: "Legacy Token"
    regex: "legacy_[a-f0-9]{40}"
    description: "Legacy authentication token"
    severity: "critical"

Severity Levels

Level    | Description                       | Action
Critical | Production secrets, private keys  | Immediate rotation
High     | API keys, tokens, credentials     | Rotate within 24h
Medium   | Config files, internal references | Review and fix
Low      | Internal IPs, test credentials    | Optional review

Pattern Guidelines

  • Be specific — Avoid overly broad patterns
  • Test thoroughly — Check for false positives
  • Document clearly — Explain what the pattern detects
  • Use anchors (^ and $) to match full strings
  • Escape properly — Double backslashes in YAML
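
The guidelines above, applied to the "Internal API Key" regex from the azath.yaml example, as an added example that is not part of Azath's own documentation or code. It assumes line-by-line search, with Python's re module standing in for Azath's regex engine; the sample lines are constructed, and the \b-bounded variant is an illustration, not an Azath recommendation.

```python
import re

# The "Internal API Key" regex from the azath.yaml example, plus two variants.
PAGE = r"company_[a-zA-Z0-9]{32}"
ANCHORED = r"^company_[a-zA-Z0-9]{32}$"      # guideline: ^ and $ match the full string
BOUNDED = r"\bcompany_[a-zA-Z0-9]{32}\b"     # assumption; "\\b" in a double-quoted YAML string

KEY = "company_" + "aB3dE6gH" * 4             # constructed key with a 32-character body

# Constructed sample lines: (text, should this line be flagged?)
SAMPLES = [
    (KEY, True),                               # bare value on its own line
    (f'API_KEY = "{KEY}"', True),              # key embedded in source code
    (f"curl -H 'X-Key: {KEY}' https://example.invalid", True),
    (f"{KEY}ZZZZ", False),                     # longer identifier sharing the prefix
    (f"subcompany_{'0' * 32}", False),         # prefix inside another word
    ("company_tooshort123", False),            # body shorter than 32 characters
]

def evaluate(regex, samples=SAMPLES):
    """Return (false_positives, false_negatives) for regex, searched line by line."""
    rx = re.compile(regex)
    fp = [s for s, want in samples if rx.search(s) and not want]
    fn = [s for s, want in samples if not rx.search(s) and want]
    return fp, fn

def report():
    """Print the false positive and false negative counts for each variant."""
    for label, regex in (("page", PAGE), ("anchored", ANCHORED), ("bounded", BOUNDED)):
        fp, fn = evaluate(regex)
        print(f"{label:9} false positives={len(fp)} false negatives={len(fn)}")

if __name__ == "__main__":
    report()
```

On these samples the unanchored regex also fires on longer identifiers that contain the prefix, while the ^...$ form only flags a line that consists of nothing but the key and so misses keys embedded in code.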

Managing Patterns

# List all active patterns
azath patterns list

# Check pattern version
azath patterns version

# Update patterns
azath patterns update