Fastly Personal Token

Bridgecrew Policy ID: BC_GIT_41
Checkov Check ID: CKV_SECRET_41
Severity: LOW

Fastly's API tokens are unique authentication credentials assigned to individual users. You need to create an API token to use the Fastly API. You can use API tokens to grant applications restricted access to your Fastly account and services. For example, an engineer user could limit a token to only have access to a single service, and restrict the scope to only allow that token to purge by URL. Every Fastly user can create up to 100 API tokens.

Fix - Buildtime


To delete an account API token or to revoke another user's API token as a superuser, follow the steps below:

  1. Log in to the Fastly web interface and click the Account link from the user menu. Your account information appears.
  2. Click the Account API tokens link. The Account API Tokens page appears with a list of tokens associated with your organization's Fastly account.
  3. Find the API token you want to delete and click the trash icon. A warning message appears.
  4. Click the Delete button to permanently delete the API token.
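
When many tokens have to be reviewed, the same cleanup can be scripted. This is an added example, not part of the original policy page or of Checkov: it flags tokens that lack the restrictions described above and builds the revocation request for each. It assumes the `api.fastly.com` base URL, the `Fastly-Key` header, the `DELETE /tokens/{id}` endpoint and the token fields `id`, `scope`, `services` and `expires_at` from Fastly's public API; the sample records and the `min_flags` threshold are constructed.

```python
import urllib.request

API = "https://api.fastly.com"  # assumption: Fastly API base URL, not stated on this page

# Constructed sample shaped like a token listing; ids and names are placeholders.
SAMPLE_TOKENS = [
    {"id": "TOKEN_ID_1", "name": "ci-purge", "scope": "purge_select",
     "services": ["SERVICE_ID_1"], "expires_at": "2030-01-01T00:00:00Z"},
    {"id": "TOKEN_ID_2", "name": "old-laptop", "scope": "global",
     "services": [], "expires_at": None},
    {"id": "TOKEN_ID_3", "name": "dashboard", "scope": "global:read",
     "services": [], "expires_at": None},
]


def risk_flags(token):
    """Return the reasons a token is broader than a restricted, single-service token."""
    flags = []
    if "global" in token.get("scope", "").split():  # scope is a space-separated list
        flags.append("full-access scope")
    if not token.get("services"):
        flags.append("not limited to a service")
    if not token.get("expires_at"):
        flags.append("never expires")
    return flags


def revocation_candidates(tokens, min_flags=3):
    """Pick the ids of tokens that trip at least min_flags checks, worst first."""
    scored = [(len(risk_flags(t)), t["id"]) for t in tokens]
    return [tid for n, tid in sorted(scored, reverse=True) if n >= min_flags]


def build_revoke_request(token_id, api_key):
    """Build (but do not send) the DELETE request that revokes one token."""
    return urllib.request.Request(
        f"{API}/tokens/{token_id}", method="DELETE",
        headers={"Fastly-Key": api_key, "Accept": "application/json"})


def revoke(token_id, api_key):
    """Send the revocation; the API answers 204 No Content on success."""
    with urllib.request.urlopen(build_revoke_request(token_id, api_key)) as resp:
        return resp.status == 204


if __name__ == "__main__":
    for tid in revocation_candidates(SAMPLE_TOKENS):
        print("would revoke", tid, "->", build_revoke_request(tid, "PLACEHOLDER").full_url)
```

Read the key passed to `revoke` from the environment or a secrets manager rather than hard-coding it, since a token committed to the repository is exactly what this check reports.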