Skip to content

Gatsby Cloud Token

Service Name: Gatsby Cloud

Service Description: Gatsby Cloud is a cloud platform specifically designed for building, deploying, and hosting Gatsby websites. It offers features like real-time previews, incremental builds, and seamless integration with content management systems.

Service Address: https://www.gatsbyjs.com/products/cloud/

Validation Type: API Auth

IP Allow list: Does not exist at the token level, but access controls can be configured at the project level.

Secret Access Scope: Grants programmatic access to Gatsby Cloud resources, including build configurations, deployment settings, and site management capabilities.

Secret Revokement URL: https://www.gatsbyjs.com/dashboard/settings/tokens

Secret Example: gatsby_cloud_123456abcdef123456abcdef123456abcdef1234

Suspicious Activity Investigation Instructions:

  • Review Gatsby Cloud build logs for unauthorized or unusual build activities
  • Check for unexpected site deployments or configuration changes
  • Monitor for unauthorized access to connected services (CMS, databases, etc.)
  • Review webhook activity and integration triggers
  • Check for changes to environment variables or build settings

Mitigation Instructions:

  • Log in to your Gatsby Cloud dashboard
  • Navigate to Settings > Personal Tokens

  • Locate the compromised token and click "Revoke"

  • Generate a new token if needed
  • Update the token in any legitimate applications or CI/CD pipelines
  • Review and update access permissions for your Gatsby Cloud projects
  • Enable additional security features like two-factor authentication on your

Gatsby account

  • Audit connected services and update credentials if necessary