Artifactory Credentials

Bridgecrew Policy ID: BC_GIT_1
Severity: LOW


Description

Artifactory is a repository manager that serves as a single access point for all of your binary resources, including proprietary libraries, remote artifacts and other third-party resources.

apikey: AKCp5budTFpbypBqQbGJPz3pGCi28pPivfWczqjfYb9drAmd9LbRZbj6UpKFxJXA8ksWGc9fM

Fix - Buildtime

Artifactory

Step 1: Revoke the exposed secret.
The key can be revoked from the user profile or through the API.

## Revoke API Key
Description: Revokes the current user's API key
Since: 4.3.0
Usage: DELETE /api/security/apiKey
Produces: application/json

## Revoke User API Key
Description: Revokes the API key of another user
Since: 4.3.0
Security: Requires a privileged user (Admin only)
Usage: DELETE /api/security/apiKey/{username} 
Produces: application/json

## Revoke All API Keys
Description: Revokes all API keys currently defined in the system
Since: 4.3.0
Security: Requires a privileged user (Admin only)
Usage: DELETE /api/security/apiKey?deleteAll={0/1} 
Produces: application/json

Step 2: Clean the git history.
Go to the Settings section of your GitHub project and choose the Change visibility button at the bottom.

Step 3: Inspect the JFrog access logs to ensure the key was not used during the compromised period.
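
Added example, not part of the original page or of JFrog or Bridgecrew tooling: shell helpers for Step 1 (admin revocation through the `DELETE /api/security/apiKey/{username}` endpoint listed above) and for confirming after Step 2 that no key-shaped string remains in any commit reachable from a ref. `ARTIFACTORY_URL`, `ARTIFACTORY_ADMIN_TOKEN`, the function names, Bearer-token authentication and the `AKC` prefix pattern (inferred from the sample key above) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page). Assumptions: ARTIFACTORY_URL and
# ARTIFACTORY_ADMIN_TOKEN are placeholders you set; the AKC-prefix pattern is
# inferred from the sample key shown on the page.
ARTIFACTORY_URL="${ARTIFACTORY_URL:-https://artifactory.example.com/artifactory}"
KEY_RE='AKC[A-Za-z0-9]{10,}'

# Print each distinct key-shaped string found on stdin.
find_keys() {
  grep -oE "$KEY_RE" | sort -u
}

# Report keys as short SHA-256 fingerprints so the secret is never re-printed.
fingerprint_keys() {
  find_keys | while IFS= read -r key; do
    printf '%s' "$key" | sha256sum | cut -c1-12
  done
}

# Step 1: admin revocation of another user's key (endpoint from the page).
# The token goes through a curl config on stdin, keeping it out of argv.
# Prints the HTTP status code of the DELETE request.
revoke_user_key() {
  printf 'header = "Authorization: Bearer %s"\n' "$ARTIFACTORY_ADMIN_TOKEN" |
    curl -sS -K - -o /dev/null -w '%{http_code}\n' -X DELETE \
      "$ARTIFACTORY_URL/api/security/apiKey/$1"
}

# Step 2 check: scan the patches of all commits reachable from any ref in the
# repository at path $1; succeeds only when no key-shaped string remains.
history_is_clean() {
  [ -z "$(git -C "$1" log -p --all | find_keys)" ]
}

# Constructed sample of `git log -p` output with a made-up key (not a real one).
sample_history() {
  cat <<'EOF'
commit 1111111111111111111111111111111111111111
+++ b/ci/settings.yml
+apikey: AKCpCONSTRUCTEDsampleKEY0000000000000000
commit 2222222222222222222222222222222222222222
+++ b/README.md
+Ask the build team for access to the artifact repository.
EOF
}

# Offline demo: prints one fingerprint for the constructed sample.
sample_history | fingerprint_keys
```

Run `history_is_clean /path/to/repo` on a fresh clone after the cleanup; a non-zero exit status means a key-shaped string is still present in reachable history.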