Skip to content

Wercker API Key

Service Name: Wercker (Oracle)

Service Description: Wercker is a Docker-native continuous integration and delivery platform that helps developers build and deploy applications. It was acquired by Oracle in 2017 and integrated into Oracle Cloud Infrastructure.

Service Address: https://app.wercker.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the organization level

Secret Access Scope: Grants programmatic access to Wercker CI/CD pipelines, allowing for build automation, deployment, and integration with repositories.

Secret Revokement URL: https://app.wercker.com/profile/tokens

Secret Example: werckerXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Suspicious Activity Investigation Instructions:

  • Review build history and deployment logs for unauthorized or unusual activities
  • Check for unexpected pipeline executions or modifications
  • Examine repository access and integration settings
  • Monitor for unauthorized application deployments
  • Review organization member activities and permissions

Mitigation Instructions:

  • Log in to your Wercker account at https://app.wercker.com/
  • Navigate to your profile settings
  • Go to the "Personal tokens" section
  • Identify the compromised token

  • Click "Revoke" next to the token

  • Generate a new token if needed
  • Update the token in all legitimate CI/CD pipelines and integrations
  • Review and update access permissions for your Wercker organization
  • Enable two-factor authentication if not already enabled