Skip to main content

PackageCloud Token



  • Documentation:
  • Summary: PackageCloud is a SaaS solution to manage all artifacts and packages in the same place. Developers can publish and download packages from various sources, for instance, Java, Python, Ruby, Node. PackageCloud provides both a CLI and an API to interact with repositories. An access token is an alternative to using username and password for authenticating to packagecloud.
  • IPs allowlist:
  • Scopes: PackageCloud has three types of tokens:
  • API token: Can create master, read tokens, upload and download artifacts. - Master token: Can create read tokens. - Read token: Can read repositories metadata. At this time, only the API token detection is supported.

Revoke the secret#

Access tokens can be revoked from PackageCloud's website, here.

Check for suspicious activity#

This is not mentioned in the documentation.

Details for Packagecloud api token#

  • Family: Api

  • Category: Package registry

  • Company: PackageCloud

  • High recall: False

  • Validity check available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: True

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 0.25

  • Prefixed: False

  • PreValidators:

- type: ContentWhitelistPreValidator  patterns:  - packagecloud


- text: PACKAGECLOUD_TOKEN=f77c055cba2c7b77700fb436f3b8931142f7a0799913fe4f  apikey: f77c055cba2c7b77700fb436f3b8931142f7a0799913fe4f
- text: "curl"  apikey: f77c055cba2c7b77700fb436f3b8931142f7a0799913fe4f
- text: "curl -u f77c055cba2c7b77700fb436f3b8931142f7a0799913fe4f:"  apikey: f77c055cba2c7b77700fb436f3b8931142f7a0799913fe4f