Eleventy API Token
Service Name: Eleventy
Service Description: Eleventy (11ty) is a simpler static site generator that transforms a directory of templates into HTML. It's a JavaScript alternative to Jekyll, built on Node.js, and emphasizes simplicity and performance.
Service Address: https://www.11ty.dev/
Validation Type: -
IP Allow list: Does not exist
Secret Access Scope: Grants access to Eleventy-related services, potentially including deployment capabilities, content management, or API integrations.
Secret Revokement URL: Does not exist
Secret Example: 11ty_api_tkn_a1b2c3d4e5f6g7h8i9j0
Suspicious Activity Investigation Instructions:
- Review deployment logs for unauthorized site deployments or changes
- Check access logs for unusual IP addresses or locations accessing the API
- Monitor for unexpected content changes or site modifications
- Review build history for unauthorized builds or deployments
- Check for unusual traffic patterns or API usage spikes
Mitigation Instructions:
- Rotate the API token immediately by generating a new token
- Revoke the compromised token through your Eleventy account settings
- Update the token in all legitimate deployment configurations
-
Review and update access permissions for your Eleventy projects
-
Implement additional security measures such as IP restrictions if available
through your hosting provider
- Review your codebase for any hardcoded tokens and remove them
- Consider implementing environment variables for token storage in deployment
environments