Heroku Platform Key

Bridgecrew Policy ID: BC_GIT_48
Checkov Check ID: CKV_SECRET_48
Severity: LOW

Heroku Platform Key


Heroku is a cloud platform as a service (PaaS) that supports several programming languages. The Heroku network runs customers' apps in virtual containers, which execute on a reliable runtime environment. Heroku calls these containers "dynos". Dynos can run code written in Node, Ruby, PHP, Go, Scala, Python, Java, or Clojure. Heroku also provides custom buildpacks with which a developer can deploy apps in any other language. A developer can scale an app instantly by either increasing the number of dynos or changing the type of dyno the app runs in.

Fix - Buildtime


Step 1: Revoke the Key

  1. In Heroku, click on Account Settings
  2. Click on API Key
  3. Find the compromised key and click on Revoke

Step 2: Monitor for abuse