Quay API Token
Service Name: Quay Container Registry
Service Description: Quay is a container registry service that securely stores, builds, and distributes container images. It provides features for container image security scanning, vulnerability analysis, and fine-grained access controls.
Service Address: https://quay.io/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the organization level through Quay's security settings.
Secret Access Scope: Grants programmatic access to Quay container registry, allowing users to push, pull, and manage container images and repositories based on the permissions associated with the token.
Secret Revokement URL: https://quay.io/user/[username]?tab=settings
Secret Example: dckr_pat_abcdefghijklmnopqrstuvwxyz0123456789ABCD
Suspicious Activity Investigation Instructions:
- Review Quay audit logs for unusual repository access or image operations
- Check for unauthorized image pushes or pulls
- Monitor for unexpected repository creation or deletion
- Examine access patterns for unusual geographic locations or times
- Verify if there are any unexpected permission changes to repositories
Mitigation Instructions:
- Log in to your Quay account and navigate to User Settings
-
Go to the "Robot Accounts" or "OAuth Applications" section depending on token type
-
Locate the compromised token and click "Delete" or "Revoke"
- Create a new token with appropriate permissions if needed
- Review and update repository permissions to ensure proper access controls
- Consider implementing repository vulnerability scanning to detect security
issues
- Enable two-factor authentication for your Quay account if not already enabled