Slack API tokens can be created for both members and bot users. For added security, it is recommended to rotate these tokens periodically. Slack will automatically revoke old tokens if they remain unused for long periods of time.
Step 1: Revoke the exposed secret.
Go to auth.revoke to revoke your token.
Method URL: https://slack.com/api/auth.revoke
Preferred HTTP method: GET
Accepted content types: application/x-www-form-urlencoded
Step 2: Clean the git history.
Go under the settings section of your GitHub project and chose the change visibility button at the bottom.
Step 3: Inspect Slack's Events API log to ensure the key was not utilized during the compromised period.
Updated 12 months ago