Skip to main content

Gemfury Deploy Or Push Token



  • Documentation:
  • Summary: Gemfury is a hosted repository for public and private packages. It supports packages from various sources like ruby, python, npm, php, debian, rpm or nuget. Interaction with the registry is done via a dashboard, using a cli tool or curl API calls. This detector aims at catching deploy and push tokens.
  • IPs allowlist: As of the time of writing this documentation, this feature is not yet supported.
  • Scopes: Gemfury offers different types of tokens with different rights. This detector focuses on deploy tokens.

Revoke the secret#

Secrets can be deactivated or revoked from the user's dashboard.

Check for suspicious activity#

As of the time of writing this documentation, this feature is not yet supported.

Details for Gemfury deploy or push token#

  • Family: Api

  • Category: Package registry

  • Company: Gemfury

  • High recall: False

  • Validity check available: False

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 0.02

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator  banlist_extensions: []  banlist_filenames: []  check_binaries: false  include_default_banlist_extensions: true  ban_markup: true- type: ContentWhitelistPreValidator  patterns:  - \.fury\.io- type: ContentWhitelistPreValidator  patterns:  - \@(gem|npm(-proxy)?|pypi|yum|go-proxy|php|nuget|apt|maven|repo|git|push)\.fury\.io


- text: >    extra-index-url =  apikey: 1xqxBg-3BClz5kxQsqBDMkNMsGudyuJWD  username: evio1b- text: >    # URL context    deploy_token =  apikey: e9ZPM-dD1sDuhPIrMC9mXZ2XXx5RiISY  username: evio1b- text: >    # URL context    push_token =  apikey: NR6Ip-bqLmxT4lLsAn6awXX3NTSVfebQ  username: evio1b