include::../../../shared_content/secrets/description.adoc[]

== Why is this an issue?

include::../../../shared_content/secrets/rationale.adoc[]

If an attacker gains access to a RubyGems.org API key, they might be able to gain access to any private package linked to this token.

=== What is the potential impact?

The exact impact of the compromise of an RubyGems.org API key varies depending on the permissions granted to this token. It can range from loss of sensitive data and source code to severe supply chain attacks.

include::../../../shared_content/secrets/impact/source_code_compromise.adoc[]

include::../../../shared_content/secrets/impact/supply_chain_attack.adoc[]

== How to fix it

include::../../../shared_content/secrets/fix/revoke.adoc[]

include::../../../shared_content/secrets/fix/vault.adoc[]

=== Code examples

:example_secret: rubygems_cec9db9373ea171daaaa0bf2337edce187f09558cb19c1b2
:example_name: rubygems.api-key
:example_env: RUBYGEMS_API_KEY

include::../../../shared_content/secrets/examples.adoc[]

=== Going the extra mile

include::../../../shared_content/secrets/extra_mile/permissions_scope.adoc[]

== Resources

=== Documentation

RubyGems.org - https://guides.rubygems.org/api-key-scopes/[API key scopes]

include::../../../shared_content/secrets/resources/standards.adoc[]