Skip to content

DigitalOcean OAuth Token

Service Name: DigitalOcean

Service Description: DigitalOcean is a cloud infrastructure provider that offers cloud services to help deploy modern apps. Known for its simplicity, it provides virtual machines (Droplets), managed Kubernetes clusters, serverless functions, object storage, and other cloud services.

Service Address: https://www.digitalocean.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the project level using Cloud Firewalls, but not directly at the token level.

Secret Access Scope: Grants programmatic access to DigitalOcean resources and services, including the ability to create, modify, and delete Droplets, Kubernetes clusters, databases, and other resources.

Secret Revokement URL: https://cloud.digitalocean.com/account/api/tokens

Secret Example: dop_v1_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0

Suspicious Activity Investigation Instructions:

  • Review the DigitalOcean Control Panel for any unauthorized resource creation or modifications.
  • Check the audit logs for unusual API calls or access patterns.
  • Monitor for unexpected Droplets, databases, or other resources being created.
  • Review billing information for unexpected charges or resource usage.
  • Check for changes to DNS settings or networking configurations.

Mitigation Instructions:

  • Immediately revoke the compromised OAuth token by navigating to the DigitalOcean Control Panel > API > Tokens.
  • Find the affected token and select More > Delete to revoke it.
  • Create a new token if needed, with appropriate scopes and expiration settings.
  • Review and remove any unauthorized resources that may have been created.
  • Enable two-factor authentication for your DigitalOcean account if not already enabled.
  • Consider implementing team accounts with proper permission scoping for better access control.
  • Review and update your security practices for storing and handling API tokens.