RubyGems API Key

Bridgecrew Policy ID: BC_GIT_64
Chekov Check ID: CKV_SECRET_64
Severity: LOW

RubyGems API Key

Description

RubyGems is a package manager for the Ruby programming language that provides a standard format for distributing Ruby programs and libraries, a tool designed to easily manage the installation of gems, and a server for distributing them.

You can create multiple API keys based on your requirements. API keys have varying scopes that grant specific privileges. Using API keys with the least amount of privilege makes your RubyGems.org account more secure by limiting the impact a compromised key may have.

Fix - Buildtime

RubyGems

  1. Visit your RubyGems.org account settings page and click on API KEYS. You will be prompted for your account password to confirm your identity.
  2. Use the Edit button to update the scopes of the key.
  3. You can use the Reset button in the last row to delete all the API keys associated with your account.