PackageCloud Token

Description

General

• Documentation: https://packagecloud.io/docs/api
• Summary: PackageCloud is a SaaS solution to manage all artifacts and packages in the same place. Developers can publish and download packages from various sources, for instance, Java, Python, Ruby, Node. PackageCloud provides both a CLI and an API to interact with repositories. An access token is an alternative to using username and password for authenticating to packagecloud.
• IPs allowlist:
• Scopes: PackageCloud has three types of tokens:
  • API token: Can create master, read tokens, upload and download artifacts.
  • Master token: Can create read tokens.
  • Read token: Can read repositories metadata. At this time, only the API token detection is supported.

Revoke the secret

Access tokens can be revoked from PackageCloud's website, here.

Check for suspicious activity

This is not mentioned in the documentation.

Details for Packagecloud api token

• Family: Api

• Category: Package registry

• Company: PackageCloud

• High recall: False

• Validity check available: True

• On-premise instances exist: False

• Only valid secrets raise an alert: True

• Minimum number of matches: 1

• Occurrences found for one million commits: 0.25

• Prefixed: False

• PreValidators:

- type: ContentWhitelistPreValidator
  patterns:
    - packagecloud

Examples

- text: PACKAGECLOUD_TOKEN=f77c055cba2c7b77700fb436f3b8931142f7a0799913fe4f
  apikey: f77c055cba2c7b77700fb436f3b8931142f7a0799913fe4f

- text: 'curl https://f77c055cba2c7b77700fb436f3b8931142f7a0799913fe4f:@packagecloud.io/api/v1/distributions.json'
  apikey: f77c055cba2c7b77700fb436f3b8931142f7a0799913fe4f

- text: 'curl -u f77c055cba2c7b77700fb436f3b8931142f7a0799913fe4f: https://packagecloud.io/api/v1/distributions.json'
  apikey: f77c055cba2c7b77700fb436f3b8931142f7a0799913fe4f