Skip to content

GoCD API Token

Service Name: GoCD

Service Description: GoCD is an open-source continuous delivery server that helps organizations automate and streamline their software delivery process. It provides visualization of complex workflows and supports parallel and sequential execution of tasks.

Service Address: https://www.gocd.org/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the server level through GoCD's security configuration.

Secret Access Scope: Grants programmatic access to GoCD's REST API, allowing users to interact with pipelines, agents, configurations, and other GoCD resources.

Secret Revokement URL: https://docs.gocd.org/current/configuration/access_tokens.html

Secret Example: d290f1ee-6c54-4b01-90e6-d701748f0851

Suspicious Activity Investigation Instructions:

  • Review GoCD server logs for unusual API calls or access patterns.
  • Check for unauthorized pipeline modifications or executions.
  • Monitor for configuration changes that weren't approved.
  • Examine agent registration and communication patterns for anomalies.
  • Review audit logs for suspicious user activities or authentication attempts.

Mitigation Instructions:

  • Log in to the GoCD server as an administrator.
  • Navigate to the Admin > Personal Access Tokens section.
  • Locate the compromised token and click Revoke.
  • Generate a new token if needed, with appropriate permissions.
  • Update any legitimate applications or scripts that were using the revoked token.
  • Consider implementing more restrictive token permissions for future tokens.
  • Review and update your GoCD security configuration to prevent similar incidents.