Hi,
I’ve noticed DigitalOcean partnered with Github in the secret scanning program (mentioned here https://www.digitalocean.com/blog/updated-api-tokens-new-management-features). In their documentation they mention a ‘DigitalOcean System Token’ (https://docs.github.com/en/enterprise-cloud@latest/code-security/secret-scanning/secret-scanning-patterns), but I’ve never seen one of those, nor is it mentioned in the documentation.
Is this something we should be aware of, does it exist and how is it generated? I suppose it is a secret since it fell into Github alerts.
Thanks!
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Sign up for Infrastructure as a Newsletter.
Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
Hi @tozya,
Good eye! There is not currently such a thing as a “DigitalOcean System Token.” When we registered our current token prefixes with GitHub, we reserved that for potential future usage.
DigitalOcean API tokens created via the control panel use the
dop_v1_
. Ones programmatically created via third-party integrations using the OAuth flow usedoo_v1_
, and the refresh tokens used in that flow usedor_v1_
.Hi @tozya,
I’ve looked over the page, most of the Tokens are used for authentication there and API usage. As for the
DigitalOcean System Token
, this is not currently in use. If not mistaken this is reserved for eventual future usage.