DigitalOcean OAuth
Application Token
Service Name: DigitalOcean
Service Description: DigitalOcean is a cloud infrastructure provider that offers simple cloud computing services with a focus on developers. It provides virtual machines (Droplets), managed Kubernetes clusters, object storage, managed databases, and other cloud services.
Service Address: https://www.digitalocean.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the team level, but not directly at the token level.
Secret Access Scope: Grants programmatic access to DigitalOcean resources and services based on the scopes assigned during token creation. Can be used to manage Droplets, Kubernetes clusters, databases, and other DigitalOcean resources.
Secret Revokement URL: https://cloud.digitalocean.com/account/api/tokens
Secret Example: dop_v1_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0
Suspicious Activity Investigation Instructions:
- Review the DigitalOcean audit logs for unusual API calls or resource access.
- Check for unauthorized resource creation such as new Droplets or Kubernetes clusters.
- Monitor for unexpected changes to networking configurations or firewall rules.
- Look for unusual geographic access patterns in the access logs.
- Check for unexpected billing increases that might indicate resource abuse.
Mitigation Instructions:
- Log in to your DigitalOcean account at https://cloud.digitalocean.com/
- Go to API > Tokens in the left sidebar.
- Locate the compromised token in the list.
- Click the "More" button (three dots) next to the token and select Delete.
- Confirm the deletion when prompted.
- Create a new token with appropriate scopes if needed.
- Update any applications or services that were using the old token.
- Review all resources for unauthorized changes or configurations.
- Enable two-factor authentication for your DigitalOcean account if not already enabled.