include::../../../shared_content/secrets/description.adoc[]

== Why is this an issue?

include::../../../shared_content/secrets/rationale.adoc[]

=== What is the potential impact?

MapBox secret access tokens are used to authenticate MapBox API calls. Each
token is assigned one or more scopes that determine which API calls can be made
using that token.

Below are some real-world scenarios that illustrate some impacts of an attacker
exploiting the access token.

include::../../../shared_content/secrets/impact/data_modification.adoc[]

include::../../../shared_content/secrets/impact/non_repudiation.adoc[]

== How to fix it

include::../../../shared_content/secrets/fix/revoke.adoc[]

include::../../../shared_content/secrets/fix/vault.adoc[]

=== Code examples

:example_secret: sk.eyJ1IjoiZXhhbXBsZSIsImEiOiJFeEFtUGxFIn0.IsnG4xwWhubMpVzDrQfFWg
:example_name: mapbox.access-token
:example_env: MAPBOX_ACCESS_TOKEN

include::../../../shared_content/secrets/examples.adoc[]

//=== How does this work?

//=== Pitfalls

//=== Going the extra mile

== Resources

include::../../../shared_content/secrets/resources/standards.adoc[]

//=== Benchmarks