Skip to main content

Terraform Cloud Token

Description

General

Revoke the secret

Tokens can be revoked from the API. As an example, this is the request to revoke a user token.

Check for suspicious activity

Terraform doesn't provide a way to check for suspicious activity.

Details for Terraform cloud personal token

  • Family: token

  • Category: cloud_provider

  • Company: Terraform

  • High recall: True

  • Validity check available: True

  • Analyzer available: True

  • On-premise instances exist: True

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 0.74

  • Prefixed: True

  • PreValidators:

- type: ContentWhitelistPreValidator
patterns:
- \.atlasv1\.

Examples

- text: |
"token": "yaALfD5CKdorzg.atlasv1.K1lUlJwaAZ0MAAIVakIUVJnfcwkrz9feswayIacpYfY6el7AM5QpUlgbbVoHFfnG8kQ"
apikey: yaALfD5CKdorzg.atlasv1.K1lUlJwaAZ0MAAIVakIUVJnfcwkrz9feswayIacpYfY6el7AM5QpUlgbbVoHFfnG8kQ

Secret Analyzer

Analysis Method

  • Provider allows scopes enumeration: True
  • Total network call count: 1
  • Total call count may vary: False

HTTP Calls

Requests are designed to capture metadata and not to function effectively.

  • GET: /api/v2/account/details

Other Calls

No other calls for this analyzer.