Skip to content

Production Secret Is Fetched by IDE

Eco-system support

  • AWS Secrets Manager

  • Azure Key Vault

  • GCP Secrets Manager

Description

Retrieving production secrets from IDE exposes a considerable attack surface and poses a significant security threat. This practice may potentially result in a breach, data exposure, and compliance complications.

Detection triggers

  • Secret read event, targeting a secret in a production environment, using an IDE tool user-agent, such as “Visual Studio” or “Eclipse”.

Mitigation

Review abnormal activity

The usage of IDE in a production environment is considered an anomaly.

Review this activity by following these steps:

  1. Review the “activity” tab with the IDE actor filter to check if the activity is re-occurring.
  2. Investigate the actor identity responsible for the fetching workload, to understand if it is legitimate and expected.

    • If legitimate, move this risk status to ‘approved’.

    • Otherwise, consider rotating the secret and investigating the actors.