Linear API Key
Service Name: Linear
Service Description: Linear is a project management and issue tracking tool designed for software development teams. It provides features for task management, roadmapping, and workflow automation to help teams track and manage their work efficiently.
Service Address: https://linear.app/
Validation Type: API Auth
IP Allow list: Does not exist at the secret level, but Linear supports SAML-based SSO with IP restrictions for enterprise plans.
Secret Access Scope: Grants programmatic access to Linear's API, allowing read and write operations on workspaces, teams, issues, projects, and other resources depending on the permissions of the associated user account.
Secret Revokement URL: https://linear.app/settings/api
Secret Example: lin_api_12a3b4c5d6e7f8g9h0i1j2k3l4m5n6o7
Suspicious Activity Investigation Instructions:
- Review the Linear audit logs for unusual activity or unauthorized access.
- Check for unexpected changes to issues, projects, or team configurations.
- Monitor for API calls from unfamiliar IP addresses or locations.
- Examine the creation of new webhooks or integrations that may be exfiltrating data.
- Review user permissions and access levels for any unexpected changes.
Mitigation Instructions:
- Log in to your Linear account and navigate to Settings > API.
- Locate the compromised API key in the list of active keys.
- Select Revoke next to the compromised key to immediately invalidate it.
- Create a new API key if necessary, with appropriate scopes and permissions.
- Review and update any applications or integrations that were using the revoked key.
- Consider implementing additional security measures such as SSO or SAML for enterprise accounts.
- Review webhook configurations and third-party integrations to ensure they're all legitimate.