Digital Ocean Personal Access Token
Service Name: DigitalOcean
Service Description: DigitalOcean is a cloud infrastructure provider that offers simple, cost-effective cloud computing resources including virtual machines (Droplets), managed databases, object storage, load balancers, and more.
Service Address: https://www.digitalocean.com/
Validation Type: API Auth
IP Allow list: Does not exist
Secret Access Scope: Grants programmatic access to DigitalOcean resources including Droplets, Kubernetes clusters, databases, and other cloud resources.
Secret Revokement URL: https://cloud.digitalocean.com/account/api/tokens
Secret Example: dop_v1_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6a7b8c9d0
Suspicious Activity Investigation Instructions:
- Check DigitalOcean account for unauthorized resource creation or modifications
- Review API access logs for unusual API calls or access patterns
- Verify if any Droplets, databases, or other resources were created without authorization
- Check for unexpected changes to DNS settings or networking configurations
- Monitor for unusual billing activity or resource usage spikes
Mitigation Instructions:
- Immediately revoke the compromised token in the DigitalOcean control panel
- Navigate to https://cloud.digitalocean.com/account/api/tokens
- Find the compromised token and click "More" then "Revoke Token"
- Generate a new token with appropriate permissions if needed
- Review and rotate any other potentially compromised credentials
- Enable two-factor authentication if not already enabled
- Consider implementing IP-based restrictions for API access