CircleCI Personal Token

Bridgecrew Policy ID: BC_GIT_29
Chekov Check ID: CKV_SECRET_29
Severity: LOW

CircleCI Personal Token


To use the CircleCI API or view details about your pipelines, you will need API tokens with the appropriate permissions. This document describes the types of API tokens available, as well as how to create and delete them.

There are two types of API token you can create within CircleCI.
Personal: These tokens are used to interact with the CircleCI API and grant full read and write permissions.
Project: These tokens allow you to read/write information for specific projects. Project tokens have three scope options: Status, Read Only, and Admin. - Status tokens grant read access to the project’s build statuses. Useful for embedding status badges. - Read Only tokens grant read only access to the project’s API. - Admin tokens grant read and write access for the project’s API.

Fix - Buildtime


  1. In the CircleCI application, go to your User settings
  2. Click Personal API Tokens
  3. Click the X in the Remove column for the token you wish to replace and confirm your deletion.
  4. Click the Create New Token button.
  5. In the Token name field, type a new name for the old token you are rotating. It can be the same name given to the old token.
  6. Click the Add API Token button.
  7. After the token appears, copy and paste it to another location. You will not be able to view the token again.