Skip to content

CircleCI Personal Token

Service Name: CircleCI

Service Description: CircleCI is a continuous integration and continuous delivery platform that automates the build, test, and deployment processes for software development. It supports a wide range of languages and integrates with GitHub, Bitbucket, and other version control systems.

Service Address: https://circleci.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the organization level through context restrictions and security settings.

Secret Access Scope: Grants programmatic access to CircleCI API, allowing management of projects, builds, workflows, and organization settings based on the token's permissions.

Secret Revokement URL: https://app.circleci.com/settings/user/tokens

Secret Example: CIRCLE_TOKEN_1a2b3c4d5e6f7g8h9i0j

Suspicious Activity Investigation Instructions:

  • Review the CircleCI audit logs for unusual project access or build triggers
  • Check for unauthorized workflows or jobs that have been created or modified
  • Monitor for unexpected API calls using the token
  • Verify if the token has been used from unusual geographic locations
  • Examine project settings for any unauthorized changes to environment variables or contexts

Mitigation Instructions:

  • Log in to your CircleCI account at https://app.circleci.com/

  • Navigate to User Settings by clicking on your profile picture in the top right

corner

  • Select "Personal API Tokens" from the left sidebar
  • Locate the compromised token and click the "Delete" button
  • Confirm the deletion when prompted
  • Generate a new token with appropriate permissions if needed
  • Update any legitimate applications or services that were using the old token
  • Review and update any project environment variables that might have been

exposed

  • Consider implementing context restrictions for sensitive operations