Description: The Slack API token provides you with a Slack API key. Much like the AWS API keys Canarytoken, you should leave these in private code repositories or on a developer's machine. An attacker who stumbles on this key will think they have unvetted access to your organisation's Slack. If they are used (for example using the Slack Web API), you will be alerted.
Follow the steps below to create a Slack API Key Canarytoken:
Log in to your Console.
Select the Canarytokens tile.
Select the Slack API Key token from the list.
Over time, if you are using tokens correctly, you will deploy thousands of them all over the place. Make sure that your Reminder is as descriptive as possible, and we will remind the future you of where the token was dropped. Nothing sucks more than having a token fire an alert that reads “test" - and not knowing where you placed it.
Note: we chose "Slack API keys on Jim's Laptop" as the reminder
Copy the token and place it in its intended location.
Note: The Slack API key that is displayed can be copied into a credentials file. The file is formatted such that it looks like a file that someone might use to store API keys.
An alert is triggered when the Slack API key is used.
You're done! ;-)