Skip to content

CircleCI API Token

Service Name: CircleCI

Service Description: CircleCI is a continuous integration and continuous delivery platform that automates the build, test, and deployment processes for software development teams. It supports a variety of programming languages and integrates with GitHub, Bitbucket, and other version control systems.

Service Address: https://circleci.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the organization level through context restrictions and IP ranges.

Secret Access Scope: Grants programmatic access to CircleCI API, allowing management of projects, builds, workflows, and organization settings depending on the token's permissions.

Secret Revokement URL: https://app.circleci.com/settings/user/tokens

Secret Example: d14dd7cd69a814af3743abad09876cb1234567890

Suspicious Activity Investigation Instructions:

  • Review the CircleCI dashboard for unexpected builds or workflows.
  • Check project settings for unauthorized changes or added environment variables.
  • Examine audit logs for unusual API calls or access patterns.
  • Verify if any unauthorized projects have been added to your organization.
  • Monitor for unexpected resource usage or billing changes.

Mitigation Instructions:

  • Log in to your CircleCI account and navigate to User Settings.
  • Go to the Personal API Tokens section.
  • Locate the compromised token and click the delete button.
  • Create a new token with appropriate permissions if needed.
  • Update any applications or services using the old token with the new one.
  • Review and update project environment variables that might have been exposed.
  • Consider implementing context restrictions to limit token access to specific projects.
  • Enable GitHub OAuth App restrictions if using GitHub integration.