Twilio Access Key

Bridgecrew Policy ID: BC_GIT_18
Severity: LOW

Twilio Access Tokens are short-lived tokens that you can use to authenticate Twilio Client SDKs like Voice, Conversations, Sync, and Video.

You create them on your server to verify a client’s identity and grant access to client API features. All tokens have a limited lifetime, configurable up to 24 hours. However, a best practice is to generate Access Tokens for the shortest amount of time feasible for your application.

Fix - Buildtime


Step 1: Revoke the exposed secret.

The following method deletes an API Key. This revokes its authorization to authenticate to the REST API and invalidates all Access Tokens generated using its secret.

If the delete is successful, Twilio will return an HTTP 204 response with no body.
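
The delete is a `DELETE` request on the key's resource under the account in Twilio's REST API. The script below is an added example, not code from the original page: the function names are hypothetical, and it assumes the Account SID and Auth Token are supplied in the environment variables `TWILIO_ACCOUNT_SID` and `TWILIO_AUTH_TOKEN`.

```shell
#!/bin/sh
# Added example: revoke a leaked Twilio API Key and confirm the HTTP 204.
# Assumption: TWILIO_ACCOUNT_SID and TWILIO_AUTH_TOKEN are set in the environment.

# Twilio API Key SIDs are "SK" followed by 32 hex characters.
is_key_sid() {
    case "$1" in
        SK*) ;;
        *) return 1 ;;
    esac
    rest=${1#SK}
    [ "${#rest}" -eq 32 ] || return 1
    case "$rest" in
        *[!0-9a-fA-F]*) return 1 ;;
    esac
    return 0
}

# revoke_twilio_key KEY_SID
# Returns 0 on HTTP 204, 1 on any other response, 2 on bad input.
revoke_twilio_key() {
    key_sid=$1
    if ! is_key_sid "$key_sid"; then
        echo "refusing: '$key_sid' is not an API Key SID" >&2
        return 2
    fi
    if [ -z "${TWILIO_ACCOUNT_SID:-}" ] || [ -z "${TWILIO_AUTH_TOKEN:-}" ]; then
        echo "set TWILIO_ACCOUNT_SID and TWILIO_AUTH_TOKEN first" >&2
        return 2
    fi
    url="https://api.twilio.com/2010-04-01/Accounts/${TWILIO_ACCOUNT_SID}/Keys/${key_sid}.json"
    # Credentials go to curl on stdin (--config -) so they do not appear
    # in the process list or in shell history.
    status=$(printf 'user = "%s:%s"\n' "$TWILIO_ACCOUNT_SID" "$TWILIO_AUTH_TOKEN" |
        curl --silent --output /dev/null --write-out '%{http_code}' \
             --config - --request DELETE "$url") || status=000
    if [ "$status" = "204" ]; then
        echo "revoked $key_sid"
        return 0
    fi
    echo "revocation failed for $key_sid (HTTP $status)" >&2
    return 1
}
```

Source the file and run `revoke_twilio_key` with the SID of the exposed key; any status other than 204 means the key is still live and the revocation should be retried or done from the Twilio Console.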


Step 2: Clean the git history.