Why Custom Patterns Matter

While AI Diff Review comes with built-in patterns for common secrets, your codebase may use custom formats that aren't covered by defaults. Creating custom redaction patterns ensures all your secrets are protected, regardless of their format.

Understanding Pattern Format

Redaction patterns use regular expressions (regex), giving you powerful matching capabilities. A good pattern should:

  • Match your secret format accurately
  • Not match non-secret values (avoid false positives)
  • Be flexible enough to catch the variations your secrets actually appear in
  • Not be too broad (avoid redacting too much)

Common Pattern Examples

API Keys with Prefixes

API_KEY\s*[:=]\s*['"]?[A-Za-z0-9]{32,}['"]?

Matches API_KEY assignments using = or :, optionally quoted, whose value is at least 32 alphanumeric characters. The pattern is case-sensitive, so api_key would not match.

JWT Tokens

eyJ[A-Za-z0-9_-]{20,}\.[A-Za-z0-9_-]{20,}\.[A-Za-z0-9_-]{20,}

Matches JWT tokens: three base64url-encoded segments separated by dots. The leading eyJ is the base64 encoding of {" that opens the JSON header, which is why it makes a reliable anchor.

Database Connection Strings

(?:jdbc:|mongodb\+srv://|postgresql://)[^\s'"]+

Matches JDBC, MongoDB SRV and PostgreSQL connection strings, consuming everything up to the next whitespace or quote character (including any embedded username and password).

OAuth Tokens

oauth[_-]?token\s*[:=]\s*['"]?[A-Za-z0-9_-]{20,}['"]?

Matches oauth_token, oauth-token or oauthtoken assignments using = or :, optionally quoted, whose value is at least 20 characters.

Creating Custom Patterns

To add a custom pattern:

  1. Go to Settings → Tools → AI Diff Review
  2. Navigate to the Secret Redaction section
  3. Click "Add Pattern"
  4. Enter your regex pattern
  5. The pattern is validated immediately
  6. Invalid patterns show an error message

Pattern Validation

AI Diff Review validates patterns when you add or edit them:

  • Invalid regex syntax is caught immediately
  • Error messages explain what's wrong
  • You can't save invalid patterns
  • This prevents frustration from broken patterns

Pattern Management

Viewing Patterns

You can see all patterns (built-in and custom) in the settings. Built-in patterns are marked and can't be deleted, but you can disable them if needed.

Editing Patterns

Custom patterns can be edited at any time. Click on a pattern to modify it, and validation happens immediately.

Removing Patterns

You can remove custom patterns you no longer need. Built-in patterns can't be removed but can be disabled.

Reordering Patterns

Patterns are applied in order, so reordering matters. More specific patterns should come before general ones to ensure correct matching.

Import and Export

You can export your pattern set to a text file (one regex per line) and import it on other machines. This is useful for:

  • Sharing patterns with team members
  • Backing up your configuration
  • Using the same patterns across projects
  • Version controlling your patterns

Testing Patterns

After creating a pattern, test it:

  1. Create a test commit with sample secrets
  2. Run an analysis
  3. Check that secrets are redacted correctly
  4. Verify no false positives (non-secrets being redacted)
  5. Adjust the pattern if needed

Best Practices

Start Specific

Create specific patterns first, then add more general ones if needed. Specific patterns are less likely to cause false positives.

Test Thoroughly

Test patterns with real examples from your codebase to ensure they work correctly.

Document Patterns

Consider documenting what each custom pattern matches, especially if you have many patterns.

Review Regularly

Periodically review your patterns to ensure they're still relevant and not causing issues.

Order Matters

Place more specific patterns before general ones. The first match wins, so ordering affects what gets redacted.
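The testing steps above and the first-match-wins ordering rule can be rehearsed offline before touching the plugin settings. The script below is an added example, not part of AI Diff Review; it compiles this page's four patterns, applies them to constructed diff lines (no real credentials), and reports false positives and missed secrets. The first-match-wins semantics and the [REDACTED:name] placeholder are assumptions made for the example.

```python
import re

# The four patterns from this page, in the order the tool would apply them.
PATTERNS = [
    ("jwt", r"eyJ[A-Za-z0-9_-]{20,}\.[A-Za-z0-9_-]{20,}\.[A-Za-z0-9_-]{20,}"),
    ("db_url", r"(?:jdbc:|mongodb\+srv://|postgresql://)[^\s'\"]+"),
    ("oauth", r"oauth[_-]?token\s*[:=]\s*['\"]?[A-Za-z0-9_-]{20,}['\"]?"),
    ("api_key", r"API_KEY\s*[:=]\s*['\"]?[A-Za-z0-9]{32,}['\"]?"),
]
# A deliberately broad catch-all: harmless when last, harmful when first.
BROAD = ("generic", r"[A-Za-z0-9_-]{32,}")

def compile_patterns(patterns):
    """Reject an invalid regex up front, like the plugin's save-time validation."""
    try:
        return [(name, re.compile(src)) for name, src in patterns]
    except re.error as exc:
        raise ValueError(f"invalid redaction pattern: {exc}") from exc

def redact_line(line, compiled):
    """Redact with the first pattern that matches (assumed first-match-wins).
    Returns (redacted_line, name_of_pattern_that_fired_or_None)."""
    for name, rx in compiled:
        if rx.search(line):
            return rx.sub(f"[REDACTED:{name}]", line), name
    return line, None

def check_patterns(compiled, cases):
    """Offline version of the 'Testing Patterns' steps. cases holds (line,
    expected pattern name or None when the line must stay untouched).
    Returns a list of (problem, line, pattern_that_fired); empty means pass."""
    problems = []
    for line, expected in cases:
        _, fired = redact_line(line, compiled)
        if fired != expected:
            kind = ("false positive" if expected is None
                    else "missed secret" if fired is None else "wrong pattern")
            problems.append((kind, line, fired))
    return problems

# Constructed sample diff lines; none of these values are real credentials.
CASES = [
    ('+API_KEY = "ab12cd34ef56gh78ij90kl12mn34op56"', "api_key"),
    ("+Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
     "eyJzdWIiOiIxMjM0NTY3ODkwIn0.c2lnbmF0dXJlX3BsYWNlaG9sZGVyXzEyMzQ1", "jwt"),
    ('+url = "postgresql://app:s3cret@db.internal:5432/prod"', "db_url"),
    ('+oauth_token: "tok_0123456789abcdefghijklmnop"', "oauth"),
    ('+API_KEY_HEADER = "X-Api-Key"', None),  # not a secret: must stay untouched
    ('+api_key = "ab12cd34ef56gh78ij90kl12mn34op56"', "api_key"),  # lowercase name
]
```

Running check_patterns(compile_patterns(PATTERNS), CASES) reports one "missed secret": the lowercase api_key line, because the API key pattern is case-sensitive (the "Too Narrow" pitfall). Placing BROAD before the specific patterns makes the JWT line fire "generic" instead of "jwt", which is the ordering problem the section above warns about.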

Common Pitfalls

Too Broad

Avoid patterns that match too much. For example, do not redact every quoted string; be specific about what constitutes a secret, otherwise the reviewer loses the context it needs to analyse the diff.

Too Narrow

Make sure patterns catch variations. If your secrets can appear in different formats, account for that.

Not Testing

Always test patterns before relying on them. A pattern that looks correct might not work as expected.

Conclusion

Custom secret redaction patterns let you protect your specific secret formats, ensuring comprehensive protection for your codebase. By understanding regex and following best practices, you can create effective patterns that keep your secrets safe.

Remember to test patterns, order them correctly, and review them regularly. With proper pattern management, you can maintain strong security while using AI code review.

Ready to customize your protection? Install AI Diff Review and start creating custom redaction patterns for your codebase.