Pulumi Access Token
Service Name: Pulumi
Service Description: Pulumi is an infrastructure as code platform that allows developers to create, deploy, and manage cloud infrastructure using familiar programming languages like JavaScript, TypeScript, Python, Go, and .NET.
Service Address: https://www.pulumi.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the organization level through Pulumi's RBAC settings.
Secret Access Scope: Grants programmatic access to Pulumi resources, allowing users to create, update, and manage infrastructure stacks across cloud providers.
Secret Revokement URL: https://app.pulumi.com/account/tokens
Secret Example: pul-1234a5b6c7d8e9f0g1h2i3j4k5l6m7n8o9p0
Suspicious Activity Investigation Instructions:
- Review the Pulumi activity logs for unauthorized stack operations.
- Check for unexpected infrastructure deployments or modifications.
- Examine resource creation timestamps and user attribution.
- Verify if the token was used from unusual IP addresses or locations.
- Review audit logs for stack updates, previews, or deployments that weren't authorized.
Mitigation Instructions:
- Log in to the Pulumi Console at https://app.pulumi.com/.
- Navigate to your account settings by clicking on your profile picture in the top right corner.
- Select "Settings" from the dropdown menu.
- Go to the "Access Tokens" tab.
- Locate the compromised token and click "Revoke".
- Generate a new token if needed.
- Update any CI/CD pipelines or automation tools with the new token.
- Consider implementing shorter token expiration periods for future tokens.
- Review and update Pulumi RBAC permissions to enforce the Principle of Least Privilege.