Question

DigitalOcean System Token

Hi,

I’ve noticed DigitalOcean partnered with Github in the secret scanning program (mentioned here https://www.digitalocean.com/blog/updated-api-tokens-new-management-features). In their documentation they mention a ‘DigitalOcean System Token’ (https://docs.github.com/en/enterprise-cloud@latest/code-security/secret-scanning/secret-scanning-patterns), but I’ve never seen one of those, nor is it mentioned in the documentation.

Is this something we should be aware of, does it exist and how is it generated? I suppose it is a secret since it fell into Github alerts.

Thanks!

Submit an answer
Answer a question...

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Andrew SB
DigitalOcean Employee
DigitalOcean Employee badge
January 4, 2023
Accepted Answer

Hi @tozya,

Good eye! There is not currently such a thing as a “DigitalOcean System Token.” When we registered our current token prefixes with GitHub, we reserved that for potential future usage.

DigitalOcean API tokens created via the control panel use the dop_v1_. Ones programmatically created via third-party integrations using the OAuth flow use doo_v1_, and the refresh tokens used in that flow use dor_v1_.

KFSys
Site Moderator
Site Moderator badge
January 5, 2023

Hi @tozya,

I’ve looked over the page, most of the Tokens are used for authentication there and API usage. As for the DigitalOcean System Token, this is not currently in use. If not mistaken this is reserved for eventual future usage.