Cleartext Exposed Secrets Use-Cases
Industry-leading exposed secrets detections across the entire organization. Reveal clear-text secrets exposed in cloud providers configurations, code-repositories, CICD output logs, collaboration platforms, and messaging apps.
Description
Compared to regular human-owned username and passwords, secrets & tokens lack additional security observability (continued monitoring), restrictions (conditional access, IP lock) and enforcements (MFA). This will make them the number one targets for credentials harvesting during a potential breach. SailPoint Entro reveals all clear-text secrets scattered on your organization and prioritizes which should be eliminated.
Validity
Each detected secret also includes validation status, to determine whether it can be leveraged to gain additional access to your organization’s resources.
-
Enabled The token has been confirmed by SailPoint Entro as enabled and is publicly accessible. This makes it potentially vulnerable to exploitation by unauthorized actors.
-
Disabled The token is confirmed to be disabled or deactivated. This state prevents it from being exploited for unauthorized access. Regularly review the status of the token to ensure it remains disabled.
-
Invalid This token is not usable and cannot be exploited for unauthorized access. The invalidity could be due to incorrect formatting, expiration, revocation, or access restriction.
-
Revoked This secret has transitioned from enabled to invalid. It is now invalid and cannot be used for authorization.
-
Unsupported Validity check not supported by cloud provider.
-
Unreachable Due to network restrictions (on-prem server, firewall), the secret cannot be validated.
When an enabled secret is observed, entro will also include some enrichment data for it in the “Validity” tab.
Context
When an exposed secret is also correlated with one of your organization's NHI Tokens, SailPoint Entro will include additional context and enrichment for the exposed secret, such as:
-
Target account
-
Environment labeling
-
Permissioning
-
Usage
-
Rotation
-
Owners
Risks triggers
Risks associated with exposed secrets will only open if the exposed secret is not invalid, revoked or disabled. It’s also possible to restrict risks to open only if the exposed secret is enabled. Any risk of exposed secret transitioning from enabled to revoked/invalid/disabled will be automatically resolved.
Exposed secrets samples
Eventually, secrets are a collection of strings that grants access to services. These are some of the secret types you should expect seeing in SailPoint Entro.
-
Figma PAT
-
GitHub Fine-grained PAT
-
Heroku
-
DataDog Api-Key
-
Slack token
-
Azure app registration client secret
-
GCP Service account private key
-
AWS Access Key
-
Atlassian Cloud Token
-
Gitlab