Gemfury Deploy or Push Token
Service Name: Gemfury
Service Description: Gemfury is a cloud repository for your private packages. It provides hosting for Ruby gems, npm modules, Python packages, and other dependency types with a simple push mechanism.
Service Address: https://gemfury.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the account level for Enterprise plans
Secret Access Scope: Grants ability to push, deploy, and manage packages on the Gemfury repository. Depending on the token permissions, it may allow read-only or read-write access to specific packages or all packages in an account.
Secret Revokement URL: https://manage.fury.io/tokens
Secret Example: 6EsNXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Suspicious Activity Investigation Instructions:
- Review the Gemfury account activity logs for unauthorized package uploads or modifications
- Check for unexpected package versions or new packages in your repository
- Verify if any existing packages have been modified unexpectedly
- Look for unusual IP addresses accessing your Gemfury account
- Check for any changes to package access permissions
Mitigation Instructions:
-
Immediately revoke the compromised token by navigating to your Gemfury account dashboard
-
Go to the Account Settings > API Tokens section
- Delete the compromised token
- Generate a new token with appropriate permissions
- Update all legitimate CI/CD pipelines and deployment scripts with the new token
- Review and audit all packages in your repository for unauthorized modifications
- Enable two-factor authentication for your Gemfury account if available
- Consider implementing IP restrictions for your Gemfury account if on an
Enterprise plan