Skip to main content

Gemfury Deploy Or Push Token



  • Documentation:
  • Summary: Gemfury is a hosted repository for public and private packages. It supports packages from various sources like ruby, python, npm, php, debian, rpm or nuget. Interaction with the registry is done via a dashboard, using a cli tool or curl API calls. This detector aims at catching deploy and push tokens.
  • IPs allowlist: As of the time of writing this documentation, this feature is not yet supported.
  • Scopes: Gemfury offers different types of tokens with different rights. This detector focuses on deploy tokens.

Revoke the secret

Secrets can be deactivated or revoked from the user's dashboard.

Check for suspicious activity

As of the time of writing this documentation, this feature is not yet supported.

Details for Gemfury deploy or push token

  • Family: Api

  • Category: Package registry

  • Company: Gemfury

  • High recall: False

  • Validity check available: False

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 0.02

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator
banlist_extensions: []
banlist_filenames: []
check_binaries: false
include_default_banlist_extensions: true
ban_markup: true
- type: ContentWhitelistPreValidator
- \.fury\.io
- type: ContentWhitelistPreValidator
- \@(gem|npm(-proxy)?|pypi|yum|go-proxy|php|nuget|apt|maven|repo|git|push)\.fury\.io


- text: |
extra-index-url =
apikey: 1xqxBg-3BCln5kxQsiBDOoNPsGudfyJZE
username: fvuo1b
- text: |
# URL context
deploy_token =
apikey: e9ZPM-dD1lDuhPErMC8mYZ2XXk4XiCSY
username: fvuo1b
- text: |
# URL context
push_token =
apikey: NR6Ip-fqLmxT4oLsAr6asXX9KTSVfefQ
username: fvuo1b

How can I help you ?