I’ve noticed DigitalOcean partnered with Github in the secret scanning program (mentioned here https://www.digitalocean.com/blog/updated-api-tokens-new-management-features). In their documentation they mention a ‘DigitalOcean System Token’ (https://docs.github.com/en/enterprise-cloud@latest/code-security/secret-scanning/secret-scanning-patterns), but I’ve never seen one of those, nor is it mentioned in the documentation.
Is this something we should be aware of, does it exist and how is it generated? I suppose it is a secret since it fell into Github alerts.
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Click below to sign up and get $200 of credit to try our products over 60 days!
Good eye! There is not currently such a thing as a “DigitalOcean System Token.” When we registered our current token prefixes with GitHub, we reserved that for potential future usage.
DigitalOcean API tokens created via the control panel use the
dop_v1_. Ones programmatically created via third-party integrations using the OAuth flow use
doo_v1_, and the refresh tokens used in that flow use
I’ve looked over the page, most of the Tokens are used for authentication there and API usage. As for the
DigitalOcean System Token, this is not currently in use. If not mistaken this is reserved for eventual future usage.