Skip to content

Netlify Git Gateway Key

Service Name: Netlify Git Gateway

Service Description: Netlify Git Gateway is a feature of Netlify that provides a secure way to connect your site's content management system (CMS) to your Git repository, allowing content editors to make changes without needing direct Git access.

Service Address: https://www.netlify.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the Netlify site level through the Netlify dashboard.

Secret Access Scope: Grants access to manage content through Netlify CMS, allowing users to make changes to Git repositories connected to a Netlify site without needing direct Git credentials.

Secret Revokement URL: https://app.netlify.com/sites/[your-site-name]/settings/identity#services

Secret Example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1MjE1NjY0NDUsInN1YiI6IjEyMzQ1Njc4OTAiLCJlbWFpbCI6ImV4YW1wbGVAbmV0bGlmeS5jb20iLCJhcHBfbWV0YWRhdGEiOnsicHJvdmlkZXIiOiJnaXRodWIiLCJyZXBvIjoibmV0bGlmeS9uZXRsaWZ5LWNtcyJ9LCJ1c2VyX21ldGFkYXRhIjp7ImF2YXRhcl91cmwiOiJodHRwczovL2F2YXRhcnMuZ2l0aHVidXNlcmNvbnRlbnQuY29tL3UvMTIzNDU2Nz92PTQiLCJmdWxsX25hbWUiOiJFeGFtcGxlIFVzZXIifX0.Q5R4p-ZFGdP_gTuYl2MoAHZTenP-JGghj-mCvQDYjkQ

Suspicious Activity Investigation Instructions:

  • Review Git repository commit history for unauthorized changes.
  • Check Netlify deploy logs for unusual deployment patterns.
  • Monitor CMS activity logs for unexpected content modifications.
  • Verify identity management settings in Netlify to ensure only authorized users have access.
  • Review Git Gateway settings and connected services for any unauthorized changes.

Mitigation Instructions:

  • Disable Git Gateway in your Netlify site settings immediately.
  • Generate a new Git Gateway token by re-enabling the service.
  • Review and update user access permissions in your Netlify Identity settings.
  • Enable two-factor authentication for all Netlify admin accounts.
  • Consider implementing branch protection rules in your Git repository to prevent direct pushes to production branches.
  • Audit and update webhook settings to ensure they're properly secured.
  • Review Git Gateway logs to understand the scope of any potential breach.