Report this

What is the reason for this report?

DigitalOcean System Token

Posted on January 4, 2023

Hi,

I’ve noticed DigitalOcean partnered with Github in the secret scanning program (mentioned here https://www.digitalocean.com/blog/updated-api-tokens-new-management-features). In their documentation they mention a ‘DigitalOcean System Token’ (https://docs.github.com/en/enterprise-cloud@latest/code-security/secret-scanning/secret-scanning-patterns), but I’ve never seen one of those, nor is it mentioned in the documentation.

Is this something we should be aware of, does it exist and how is it generated? I suppose it is a secret since it fell into Github alerts.

Thanks!



This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
0

Hi @tozya,

Good eye! There is not currently such a thing as a “DigitalOcean System Token.” When we registered our current token prefixes with GitHub, we reserved that for potential future usage.

DigitalOcean API tokens created via the control panel use the dop_v1_. Ones programmatically created via third-party integrations using the OAuth flow use doo_v1_, and the refresh tokens used in that flow use dor_v1_.

Hi @tozya,

I’ve looked over the page, most of the Tokens are used for authentication there and API usage. As for the DigitalOcean System Token, this is not currently in use. If not mistaken this is reserved for eventual future usage.

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.