DigitalOcean OAuth Application Keys
Service Name: DigitalOcean
Service Description: DigitalOcean is a cloud infrastructure provider that offers simple cloud computing services with a focus on developers. It provides virtual machines (Droplets), managed Kubernetes clusters, object storage (Spaces), managed databases, and other cloud services.
Service Address: https://www.digitalocean.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the project level using Cloud Firewalls, but not directly at the OAuth application level.
Secret Access Scope: OAuth application keys grant programmatic access to DigitalOcean resources based on the scopes defined during OAuth app creation. This can include managing droplets, kubernetes clusters, databases, domains, and other resources.
Secret Revokement URL: https://cloud.digitalocean.com/settings/applications
Secret Example: Client ID: b4c26b0a8f0b3f1c9d7e5a4b3c2d1e0f Client Secret: d8e7f6g5h4j3k2l1m0n9o8p7q6r5s4t3u2v1w0x9y8z7
Suspicious Activity Investigation Instructions:
- Review the DigitalOcean audit logs for unusual API calls or resource access
- Check for unauthorized droplet creation or modification
- Monitor for unexpected changes to networking configurations
- Look for unusual access patterns or access from unexpected locations
- Verify if there are any unauthorized users added to your team
Mitigation Instructions:
- Log in to your DigitalOcean account and navigate to API > Applications
- Locate the compromised OAuth application
- Click on the application name to access its settings
- Click "Delete Application" to revoke all access
- Create a new OAuth application with appropriate scopes if still needed
- Update all applications and services that were using the old credentials
- Review all resources for unauthorized changes or backdoors
- Enable two-factor authentication for your DigitalOcean account if not already
enabled
- Consider implementing more restrictive firewall rules for your resources