Skip to content

Digital Ocean Personal Access Token

Service Name: DigitalOcean

Service Description: DigitalOcean is a cloud infrastructure provider that offers simple, cost-effective cloud computing resources including virtual machines (Droplets), managed databases, object storage, load balancers, and more.

Service Address: https://www.digitalocean.com/

Validation Type: API Auth

IP Allow list: Does not exist

Secret Access Scope: Grants programmatic access to DigitalOcean resources including Droplets, Kubernetes clusters, databases, and other cloud resources.

Secret Revokement URL: https://cloud.digitalocean.com/account/api/tokens

Secret Example: dop_v1_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6a7b8c9d0

Suspicious Activity Investigation Instructions:

  • Check DigitalOcean account for unauthorized resource creation or modifications
  • Review API access logs for unusual API calls or access patterns
  • Verify if any Droplets, databases, or other resources were created without authorization
  • Check for unexpected changes to DNS settings or networking configurations
  • Monitor for unusual billing activity or resource usage spikes

Mitigation Instructions:

  • Immediately revoke the compromised token in the DigitalOcean control panel
  • Navigate to https://cloud.digitalocean.com/account/api/tokens
  • Find the compromised token and click "More" then "Revoke Token"
  • Generate a new token with appropriate permissions if needed
  • Review and rotate any other potentially compromised credentials
  • Enable two-factor authentication if not already enabled
  • Consider implementing IP-based restrictions for API access