CircleCI API Token
Service Name: CircleCI
Service Description: CircleCI is a continuous integration and continuous delivery platform that automates the build, test, and deployment processes for software development teams. It supports a variety of programming languages and integrates with GitHub, Bitbucket, and other version control systems.
Service Address: https://circleci.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the organization level through context restrictions and IP ranges.
Secret Access Scope: Grants programmatic access to CircleCI API, allowing management of projects, builds, workflows, and organization settings depending on the token's permissions.
Secret Revokement URL: https://app.circleci.com/settings/user/tokens
Secret Example: d14dd7cd69a814af3743abad09876cb1234567890
Suspicious Activity Investigation Instructions:
- Review the CircleCI dashboard for unexpected builds or workflows.
- Check project settings for unauthorized changes or added environment variables.
- Examine audit logs for unusual API calls or access patterns.
- Verify if any unauthorized projects have been added to your organization.
- Monitor for unexpected resource usage or billing changes.
Mitigation Instructions:
- Log in to your CircleCI account and navigate to User Settings.
- Go to the Personal API Tokens section.
- Locate the compromised token and click the delete button.
- Create a new token with appropriate permissions if needed.
- Update any applications or services using the old token with the new one.
- Review and update project environment variables that might have been exposed.
- Consider implementing context restrictions to limit token access to specific projects.
- Enable GitHub OAuth App restrictions if using GitHub integration.