Skip to content

Codefresh API Token

Service Name: Codefresh

Service Description: Codefresh is a modern CI/CD platform built for Kubernetes and microservices deployments. It provides a complete DevOps toolchain for building, testing, and deploying applications to Kubernetes.

Service Address: https://codefresh.io/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the account level through Codefresh's security settings.

Secret Access Scope: Grants programmatic access to Codefresh resources, allowing users to manage pipelines, builds, environments, and other CI/CD resources.

Secret Revokement URL: https://g.codefresh.io/user/settings

Secret Example: cf-1234567890abcdef1234567890abcdef

Suspicious Activity Investigation Instructions:

  • Review the Codefresh audit logs for unusual pipeline executions or configuration changes
  • Check for unauthorized pipeline creations or modifications
  • Monitor for unusual resource usage or unexpected deployments
  • Examine API call patterns for anomalies in frequency or type
  • Verify if the token has been used from unusual IP addresses or locations

Mitigation Instructions:

  • Log in to your Codefresh account and navigate to User Settings
  • Go to the "API Keys" section

  • Locate the compromised API token

  • Click the "Revoke" or "Delete" button next to the token
  • Create a new API token with appropriate scopes if needed
  • Update any legitimate applications or services that were using the revoked

token

  • Review and adjust token permissions to follow the principle of least privilege
  • Consider implementing IP restrictions for API access if available