Skip to content

Akeyless Vault Token

Service Name: Akeyless

Service Description: Akeyless is a SaaS-based secrets management platform that provides secure storage, management, and access control for secrets, certificates, and keys. It offers a unified solution for managing secrets across cloud and on-premises environments.

Service Address: https://www.akeyless.io/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the access role level through Akeyless access rules.

Secret Access Scope: Grants access to secrets, certificates, keys, and other sensitive information stored in the Akeyless Vault based on the permissions assigned to the token.

Secret Revokement URL: https://docs.akeyless.io/docs/revoke-tokens

Secret Example: p-1234abcd-5678-efgh-ijkl-mnopqrstuvwx

Suspicious Activity Investigation Instructions:

  • Review access logs in the Akeyless audit trail for unusual access patterns or unauthorized access attempts.

  • Check for unexpected token usage from unfamiliar IP addresses or outside normal working hours.

  • Monitor for unusual secret access or high-volume retrieval of sensitive information.

  • Verify if the token has been used to create or modify access roles or permissions.

  • Examine authentication events for failed login attempts using the compromised token.

Mitigation Instructions:

  • Immediately revoke the compromised token through the Akeyless web interface or API.

  • Navigate to the Akeyless console and go to the "Access Management" section.

  • Locate the affected token in the list and select "Revoke".

  • Generate a new token with appropriate permissions if needed.

  • Review and update access policies to enforce the Principle of Least Privilege.

  • Enable additional security controls such as IP restrictions and time-based access.

  • Consider implementing automatic token rotation policies.

  • Update any applications or services that were using the compromised token with the new credentials.