DigitalOcean OAuth Refresh Token was found in the code of a private repository #4379

Open
ox-barazouri opened this issue Dec 11, 2024 · 3 comments
Labels
O: stale 🤖 This issue or pull request is stale, it will be closed if there is no activity

Comments

@ox-barazouri

  • Category: Secret/PII Scan
  • Policy Name: Secret in code
  • Application Name: security tools / semgrep-community-rules
  • Fix Link:
  • Click here to see details in OX App:

Issue Description:

DigitalOcean OAuth Refresh Token was found in the code of a private repository.

Recommendations:

Please verify if the DigitalOcean OAuth Refresh Token in the code is in use. Then do the following:

  1. If the secret is in use, please revoke it.
  2. Moving forward, store secrets in an environment variable or secret manager.
  3. Change the code to access secrets using the method chosen above.

WARNING: The found DigitalOcean OAuth Refresh Token will still be visible in the Git History. Ensure it is revoked/disabled.

Aggregations:

  • File: semgrep-rules/generic/secrets/gitleaks/digitalocean-refresh-token.go
  • Line: 2
  • Match: do_api_token = "dor_v1_bd1ebc2aada42ea89a27ae57a990************************************"
  • Commit By: aviadlevy aviad@ox.security
  • Open ticket day:
  • Commit Message: Add the fule repository with all files
  • Type:
  • Merged by:
  • Reviewers:
  • Commit Date: 2024-08-14 15:32:38
  • Location:
  • Parameter:
  • Test:
  • CVSS:
  • Alert Link:

@echoix
Collaborator

echoix commented Dec 11, 2024

@ox-barazouri Seems like something that someone inside OxSecurity would be able to respond to; do you mind following up internally with them? I can't find the author in the autocompletion to tag him/her in.

@nvuillam
Member

chatting with @ox-barazouri to see what it is about :)

Contributor

This issue has been automatically marked as stale because it has not had recent activity.
It will be closed in 14 days if no further activity occurs.
Thank you for your contributions.

If you think this issue should stay open, please remove the O: stale 🤖 label or comment on the issue.

@github-actions github-actions bot added the O: stale 🤖 This issue or pull request is stale, it will be closed if there is no activity label Jan 11, 2025