BuildKite API Token
Service Name: BuildKite
Service Description: BuildKite is a CI/CD platform that helps teams automate their software build, test, and deployment pipelines. It combines the power of your own infrastructure with BuildKite's hosted platform to run fast, secure, and scalable continuous integration and delivery pipelines.
Service Address: https://buildkite.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the organization level through BuildKite's security settings.
Secret Access Scope: BuildKite API tokens grant programmatic access to BuildKite resources and can be used to interact with the BuildKite API, manage pipelines, trigger builds, and access organization data depending on the token's permissions.
Secret Revokement URL: https://buildkite.com/user/api-access-tokens
Secret Example: a123b456c789d0123e456f789g0123h456i789j
Suspicious Activity Investigation Instructions:
- Review the BuildKite audit logs for unusual API calls or unauthorized access.
- Check for unexpected pipeline modifications or unauthorized build triggers.
- Monitor for unusual patterns of API usage or access from unexpected locations.
- Review the permissions granted to the compromised token.
- Check for any unauthorized webhooks or integrations that may have been added.
Mitigation Instructions:
- Log in to your BuildKite account and navigate to your user settings.
- Go to the "API Access Tokens" section.
- Locate the compromised token and click "Revoke" to immediately invalidate it.
- Create a new token with appropriate permissions if needed.
- Review and update your organization's security settings.
- Consider implementing more restrictive token scopes for future tokens.
- Enable two-factor authentication for all users with access to BuildKite.
- Review your CI/CD pipelines for any unauthorized changes that may have been made.