Home / Companies / Contentful / Blog / Post Details
Content Deep Dive

How to use serverless as cronjobs to keep your Personal Access Tokens secure

Blog post from Contentful

Post Details
Company
Date Published
Author
Farruco Sanjurjo
Word Count
814
Company Posts That Month
11
Language
English
Hacker News Points
-
Post removed?
No
Summary

The Personal Access Tokens (PATs) feature in Contentful allows users to perform actions on their behalf, but they can be easily leaked and compromised if not handled properly. Leaving PATs in source code or using them as passwords is a security risk, and it's recommended to use environment variables instead. To address this issue, the Contentful team built a tool that scans for leaked PATs in GitHub repositories belonging to their organization and its users, and revokes them automatically if necessary. The tool uses serverless computing with AWS Lambda functions to run on a regular schedule without requiring infrastructure setup. This approach makes it easier to monitor and secure PATs, and provides a good example of how to build event-driven workflows using frameworks like Serverless.

Trends Found in this Post
Trend Post Mentions Total Month Mentions Posts Companies MoM
Serverless 9 125 21 12 -31%
Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.