Skip to content

Harbor API Token

Service Name: Harbor

Service Description: Harbor is an open-source container registry that secures artifacts with policies and role-based access control, ensures images are scanned and free from vulnerabilities, and signs images as trusted. It is a CNCF Graduated project.

Service Address: https://goharbor.io/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the Harbor instance level through reverse proxy configurations or network policies.

Secret Access Scope: Grants programmatic access to Harbor registry resources including repositories, artifacts, and administrative functions depending on the user's role.

Secret Revokement URL: https://goharbor.io/docs/latest/administration/configure-authentication/oidc-auth/#managing-user-sessions

Secret Example: harbor_api_token_12345abcdefghijklmnopqrstuvwxyz67890

Suspicious Activity Investigation Instructions:

  • Review Harbor audit logs for unusual repository access or image pulls/pushes
  • Check for unauthorized project creation or user permission changes
  • Monitor for unusual image scanning bypass attempts
  • Look for bulk image downloads or uploads that deviate from normal patterns
  • Verify if there are any suspicious webhooks or replication rules created

Mitigation Instructions:

  • Log in to the Harbor web interface as an administrator

  • Navigate to Administration → Users and locate the affected user

  • Click on the user and select "Disable account" to immediately prevent further access
  • For complete revocation, the user should change their password, or you can delete and recreate the account.
  • Review and adjust the user's project roles and permissions
  • Consider implementing a shorter token expiration policy
  • Enable image scanning on push to detect potentially malicious images