DigitalOcean Token

Bridgecrew Policy ID: BC_GIT_34
Chekov Check ID: CKV_SECRET_34
Severity: LOW

DigitalOcean Token

Description

To use the DigitalOcean API, you’ll need to generate a personal access token. Personal access tokens function like ordinary OAuth access tokens. You can use them to authenticate to the API by including one in a bearer-type Authorization header with your request.

Tokens function like passwords. Do not hard code your tokens into programs where they may accidentally be released in version control and are harder to rotate. Instead, use environmental variables. If a token becomes compromised, delete it to revoke that token’s access.

Fix - Buildtime

DigitalOcean

  1. Revoke Token
    Use the access_token in your token revocation request, which is a POST request to the revoke endpoint with the appropriate parameters.
    https://cloud.digitalocean.com/v1/oauth/revoke
curl -X GET "https://api.digitalocean.com/v2/droplets" \
  -H "Authorization: Bearer $TOKEN"