1) Write a regex that recognizes the full encryption multiline blob. This will require modifying how lines are defined, etc.

2) That's pretty much it, unless you want to have the odd false positive, and decide that any string longer than 30 chars without whitespace or certain punctuation is actually part of a key. And also, not catch certain fumble finger changes where some such string was accidentally introduced in a comment or other free-form, non-parsed section. (I'm assuming that such a change in code would fail to parse, and would be caught fairly quickly.)

Do you have a list of valid characters in private keys and such?