Heroku API Key
Service Name: Heroku
Service Description: Heroku is a platform as a service (PaaS) that enables developers to build, run, and operate applications entirely in the cloud. It supports several programming languages and is owned by Salesforce.
Service Address: https://www.heroku.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be implemented at the application level using Heroku Shield or through add-ons like Quotaguard Static IP.
Secret Access Scope: Grants programmatic access to manage Heroku applications, add-ons, and resources. Can be used to deploy code, scale dynos, manage databases, and access all resources associated with the account.
Secret Revokement URL: https://dashboard.heroku.com/account/applications
Secret Example: 4a1d8c83-0eef-498e-8cdc-1234567890ab
Suspicious Activity Investigation Instructions:
- Review Heroku dashboard for unauthorized application deployments or modifications
- Check for unexpected changes in dyno configurations or scaling
- Monitor for unauthorized add-on installations or modifications
- Review application logs for suspicious activities
- Check for unexpected collaborators added to your applications
- Review billing information for unexpected charges
Mitigation Instructions:
-
Log in to your Heroku account at https://dashboard.heroku.com/
-
Navigate to Account Settings → Applications
- Find the compromised API key in the "Authorized Applications" section
- Click "Revoke" next to the API key
- Generate a new API key if needed
- Update the API key in all legitimate applications and CI/CD pipelines
- Review and update access controls for your Heroku account
- Enable two-factor authentication if not already enabled
- Consider implementing IP restrictions for your Heroku applications if available