Heroku Platform Key
Bridgecrew Policy ID: BC_GIT_48
Chekov Check ID: CKV_SECRET_48
Severity: LOW
Heroku Platform Key
Description
Heroku is a cloud platform as a service (PaaS) supporting several programming languages. The Heroku network runs the customer's apps in virtual containers which execute on a reliable runtime environment. Heroku calls these containers "Dynos". These Dynos can run code written in Node, Ruby, PHP, Go, Scala, Python, Java, or Clojure. Heroku also provides custom buildpacks with which the developer can deploy apps in any other language. Heroku lets the developer scale the app instantly just by either increasing the number of dynos or by changing the type of dyno the app runs in.
Fix - Buildtime
Heroku
Step 1: Revoke the Key
- In Heroku, click on Account Settings
- Click on API Key
- Find the compromised key and click on Revoke
Step 2: Monitor for abuse
Updated 8 months ago