PlanetScale OAuth Token

Description

General

• Documentation: https://docs.planetscale.com/
• Summary: PlanetScale is a MySQL compatible, serverless database platform. PlanetScale offers a CLI (pscale) and an API to programmatically manage the databases. This detector aims at catching OAuth tokens used to authenticate API calls.
• IPs allowlist: This feature is not currently available.
• Scopes: OAuth tokens are linked to a user and can access every organization of the user with the same permissions as the user.

Revoke the secret

OAuth tokens are revoked via the API or CLI. If the token was generated by pscale login, use the command pscale logout.

Check for suspicious activity

Detailed logs are accessible in the settings of users and organizations.

Details for Planetscale oauth token

• Family: oauth_token

• Category: data_storage

• Company: PlanetScale

• High recall: True

• Validity check available: True

• Analyzer available: False

• On-premise instances exist: False

• Only valid secrets raise an alert: False

• Minimum number of matches: 1

• Occurrences found for one million commits: 0.04

• Prefixed: True

• PreValidators:

- type: ContentWhitelistPreValidator
  patterns:
    - pscale_oauth_

Examples

- text: |
    --- /dev/null
    +++ b/.config/planetscale/access-token
    @@ -0,0 +1 @@
    +pscale_oauth_aB0gQfl4oz9_iIocifChjPuvEOS_ieaWTT6ChduCXYZ
  apikey: pscale_oauth_aB0gQfl4oz9_iIocifChjPuvEOS_ieaWTT6ChduCXYZ

# Fat-fingered secret
- text: Xpscale_oauth_aB0gQfl4oz9_iIocifChjPuvEOS_ieaWTT6ChduCXYZ
  apikey: pscale_oauth_aB0gQfl4oz9_iIocifChjPuvEOS_ieaWTT6ChduCXYZ