Harbor API Token
Service Name: Harbor
Service Description: Harbor is an open-source container registry that secures artifacts with policies and role-based access control, ensures images are scanned and free from vulnerabilities, and signs images as trusted. It is a CNCF Graduated project.
Service Address: https://goharbor.io/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the Harbor instance level through reverse proxy configurations or network policies.
Secret Access Scope: Grants programmatic access to Harbor registry resources including repositories, artifacts, and administrative functions depending on the user's role.
Secret Revokement URL: https://goharbor.io/docs/latest/administration/configure-authentication/oidc-auth/#managing-user-sessions
Secret Example: harbor_api_token_12345abcdefghijklmnopqrstuvwxyz67890
Suspicious Activity Investigation Instructions:
- Review Harbor audit logs for unusual repository access or image pulls/pushes
- Check for unauthorized project creation or user permission changes
- Monitor for unusual image scanning bypass attempts
- Look for bulk image downloads or uploads that deviate from normal patterns
- Verify if there are any suspicious webhooks or replication rules created
Mitigation Instructions:
-
Log in to the Harbor web interface as an administrator
-
Navigate to Administration → Users and locate the affected user
- Click on the user and select "Disable account" to immediately prevent further access
- For complete revocation, the user should change their password, or you can delete and recreate the account.
- Review and adjust the user's project roles and permissions
- Consider implementing a shorter token expiration policy
- Enable image scanning on push to detect potentially malicious images