Skip to content

BuildKite API Key

Service Name: BuildKite

Service Description: BuildKite is a CI/CD platform that combines the power of your own infrastructure with their hosted platform. It allows teams to run fast, secure, and scalable continuous integration pipelines on their own infrastructure.

Service Address: https://buildkite.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the organization level through BuildKite's security settings.

Secret Access Scope: BuildKite API keys grant programmatic access to BuildKite resources including pipelines, builds, agents, and organization settings depending on the permissions assigned to the token.

Secret Revokement URL: https://buildkite.com/user/api-access-tokens

Secret Example: a123b456c789d0123e456f789g0123h456i789j

Suspicious Activity Investigation Instructions:

  • Review the BuildKite audit logs for unusual API calls or unauthorized access
  • Check for unexpected pipeline modifications or unauthorized build triggers
  • Monitor for changes to agent configurations or organization settings
  • Verify if the token has been used from unusual IP addresses or locations
  • Review any webhooks or integrations that may have been added or modified

Mitigation Instructions:

  • Immediately revoke the compromised API token by navigating to BuildKite's user settings > API Access Tokens
  • Create a new API token with appropriate scopes if still needed

  • Review and update permissions for all existing API tokens

  • Enable two-factor authentication for all BuildKite users
  • Consider implementing IP restrictions for API access if not already in place
  • Audit all pipelines and configurations for unauthorized changes
  • Rotate any secrets that may have been exposed through the BuildKite platform
  • Review BuildKite's security best practices and implement as appropriate