Wercker API Key
Service Name: Wercker (Oracle)
Service Description: Wercker is a Docker-native continuous integration and delivery platform that helps developers build and deploy applications. It was acquired by Oracle in 2017 and integrated into Oracle Cloud Infrastructure.
Service Address: https://app.wercker.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the organization level
Secret Access Scope: Grants programmatic access to Wercker CI/CD pipelines, allowing for build automation, deployment, and integration with repositories.
Secret Revokement URL: https://app.wercker.com/profile/tokens
Secret Example: werckerXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Suspicious Activity Investigation Instructions:
- Review build history and deployment logs for unauthorized or unusual activities
- Check for unexpected pipeline executions or modifications
- Examine repository access and integration settings
- Monitor for unauthorized application deployments
- Review organization member activities and permissions
Mitigation Instructions:
- Log in to your Wercker account at https://app.wercker.com/
- Navigate to your profile settings
- Go to the "Personal tokens" section
-
Identify the compromised token
-
Click "Revoke" next to the token
- Generate a new token if needed
- Update the token in all legitimate CI/CD pipelines and integrations
- Review and update access permissions for your Wercker organization
- Enable two-factor authentication if not already enabled