GitHub Pages Deployment Token
Service Name: GitHub Pages
Service Description: GitHub Pages is a static site hosting service that takes HTML, CSS, and JavaScript files straight from a repository on GitHub, optionally runs the files through a build process, and publishes a website.
Service Address: https://pages.github.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the organization level through GitHub's security settings, not directly on the token.
Secret Access Scope: Grants access to deploy content to GitHub Pages sites. These tokens have permissions to push to specific repositories for GitHub Pages deployments.
Secret Revokement URL: https://github.com/settings/tokens
Secret Example: github_pat_11ABCDEF0ghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLM
Suspicious Activity Investigation Instructions:
- Review GitHub repository deployment history for unauthorized deployments
- Check GitHub Pages site for unexpected content changes
- Review repository access logs for unusual activity
- Examine commit history for unauthorized commits related to the Pages site
- Monitor for unexpected changes to GitHub Pages configuration
Mitigation Instructions:
-
Immediately revoke the compromised token by navigating to GitHub Settings > Developer Settings > Personal Access Tokens
-
Generate a new deployment token with appropriate scopes
- Update any CI/CD pipelines or deployment workflows with the new token
- Enable branch protection rules for the GitHub Pages publishing branch
- Consider implementing required reviews for changes to the Pages site
- Set up notifications for deployments to quickly identify unauthorized activity
- Review and restrict collaborator permissions for the repository