Skip to content

Production Secret Is Fetched by IDE

Description

Retrieving production secrets from IDE exposes a considerable attack surface and poses a significant security threat. This practice may potentially result in a breach, data exposure, and compliance complications.

Detection triggers

  • Secret read event, targeting a secret in a production environment, using an IDE tool user-agent, such as “Visual Studio” or “Eclipse”.

Mitigation

Review abnormal activity

The usage of IDE in a production environment is considered an anomaly.

Review this activity by following these steps:

  • Review the “activity” tab with the IDE actor filter to check if the activity is re-occurring.
  • Investigate the actor identity responsible for the fetching workload, to understand if it is legitimate and expected.

    • If legitimate, move this risk status to ‘approved’.

    • Otherwise, consider rotating the secret and investigating the actors.