Leaking a Fastly API token in source code can cause severe security issues: it can give unauthorized access to Fastly services, which can result in a data breach and in financial loss from unauthorized utilisation of Fastly resources.
If an API token has been leaked, you can delete the token to mitigate the vulnerability.
It is recommended to use environment variables to store the API key. This ensures that the key is not hardcoded in the source code and is kept separate from the codebase. Using environment variables also makes it easier to manage the API key as it can be updated without modifying the source code. Additionally, it is recommended that access to the API key is restricted to only those who need it, by using the Fastly role-based access control (RBAC) mechanism.
import fastly
# Hardcoded token: anyone with read access to this file (or the repository history) gets the token
client = fastly.Client(token='YOUR_API_TOKEN')
import fastly
import os
# Token is read from the environment at runtime, so it never lands in the codebase
client = fastly.Client(token=os.getenv('FASTLY_API_TOKEN'))
Note that the fastly module provides an easy way to retrieve credentials by using the get_api_key() function instead of directly specifying the token:
import fastly
client = fastly.Client(token=fastly.get_api_key())
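The two points above (keep the token out of source, read it from the environment) can be enforced rather than just recommended. The following is an added example, not code from this page or from Fastly's client library: a loader that reads the token from the environment and refuses to start without it, plus a small AST-based check, suitable for a pre-commit hook or CI step, that flags any string literal passed as token= to fastly.Client(...). The environment variable name FASTLY_API_TOKEN and the fastly.Client(token=...) call shape are taken from the snippets above; the check recognises only that shape, and the sample sources it scans are constructed here.

```python
"""Added example: environment-based token loading plus a hard-coded-token check.

Assumptions (not from the page): the helper names, the MissingTokenError type,
and the redacted-preview format are this example's own choices.
"""
import ast
import os
from typing import Mapping, Optional

ENV_VAR = "FASTLY_API_TOKEN"  # name used in the page's environment-variable example


class MissingTokenError(RuntimeError):
    """Raised when the Fastly token is not present in the environment."""


def load_fastly_token(env: Optional[Mapping[str, str]] = None) -> str:
    """Return the Fastly API token from the environment, never from source.

    `env` defaults to os.environ; it is a parameter only so the function can
    be exercised without mutating the real process environment.
    """
    env = os.environ if env is None else env
    token = env.get(ENV_VAR, "").strip()
    if not token:
        # Fail loudly at startup instead of sending requests with token=None.
        raise MissingTokenError(f"{ENV_VAR} is not set; refusing to start without a token")
    return token


def _is_fastly_client_call(node: ast.Call) -> bool:
    """True for calls written as fastly.Client(...)."""
    func = node.func
    return (
        isinstance(func, ast.Attribute)
        and func.attr == "Client"
        and isinstance(func.value, ast.Name)
        and func.value.id == "fastly"
    )


def _redact(secret: str) -> str:
    """Show only a short prefix so the finding itself does not leak the token into CI logs."""
    return secret[:4] + "..." if len(secret) > 4 else "****"


def find_hardcoded_tokens(source: str, filename: str = "<string>") -> list[tuple[int, str]]:
    """Return (line_number, redacted_preview) for every fastly.Client(token=<string literal>).

    A token built from os.getenv(...) or any other expression is not flagged;
    only a literal string is, because that is what gets committed.
    """
    findings: list[tuple[int, str]] = []
    tree = ast.parse(source, filename=filename)
    for node in ast.walk(tree):
        if not (isinstance(node, ast.Call) and _is_fastly_client_call(node)):
            continue
        for kw in node.keywords:
            if (
                kw.arg == "token"
                and isinstance(kw.value, ast.Constant)
                and isinstance(kw.value.value, str)
            ):
                findings.append((node.lineno, _redact(kw.value.value)))
    return findings


# Constructed sample sources: the first mirrors the page's hard-coded form,
# the second its environment-variable form.
BAD_SAMPLE = "import fastly\nclient = fastly.Client(token='YOUR_API_TOKEN')\n"
GOOD_SAMPLE = (
    "import fastly\nimport os\n"
    "client = fastly.Client(token=os.getenv('FASTLY_API_TOKEN'))\n"
)

if __name__ == "__main__":
    for name, src in (("bad.py", BAD_SAMPLE), ("good.py", GOOD_SAMPLE)):
        hits = find_hardcoded_tokens(src, name)
        print(f"{name}: {hits if hits else 'clean'}")
```

Running the block stand-alone reports the constructed bad.py sample with the token redacted to its first four characters and the good.py sample as clean. The check deliberately inspects call structure rather than guessing a token format, so it does not depend on what a Fastly token looks like and does not produce false positives on unrelated strings; the cost is that a literal stored in a variable and then passed to fastly.Client is not caught, which a broader secrets scanner should cover.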