CircleCI Personal Token
Service Name: CircleCI
Service Description: CircleCI is a continuous integration and continuous delivery platform that automates the build, test, and deployment processes for software development. It supports a wide range of languages and integrates with GitHub, Bitbucket, and other version control systems.
Service Address: https://circleci.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the organization level through context restrictions and security settings.
Secret Access Scope: Grants programmatic access to CircleCI API, allowing management of projects, builds, workflows, and organization settings based on the token's permissions.
Secret Revokement URL: https://app.circleci.com/settings/user/tokens
Secret Example: CIRCLE_TOKEN_1a2b3c4d5e6f7g8h9i0j
Suspicious Activity Investigation Instructions:
- Review the CircleCI audit logs for unusual project access or build triggers
- Check for unauthorized workflows or jobs that have been created or modified
- Monitor for unexpected API calls using the token
- Verify if the token has been used from unusual geographic locations
- Examine project settings for any unauthorized changes to environment variables or contexts
Mitigation Instructions:
-
Log in to your CircleCI account at https://app.circleci.com/
-
Navigate to User Settings by clicking on your profile picture in the top right
corner
- Select "Personal API Tokens" from the left sidebar
- Locate the compromised token and click the "Delete" button
- Confirm the deletion when prompted
- Generate a new token with appropriate permissions if needed
- Update any legitimate applications or services that were using the old token
- Review and update any project environment variables that might have been
exposed
- Consider implementing context restrictions for sensitive operations