Akeyless Vault Token
Service Name: Akeyless
Service Description: Akeyless is a SaaS-based secrets management platform that provides secure storage, management, and access control for secrets, certificates, and keys. It offers a unified solution for managing secrets across cloud and on-premises environments.
Service Address: https://www.akeyless.io/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the access role level through Akeyless access rules.
Secret Access Scope: Grants access to secrets, certificates, keys, and other sensitive information stored in the Akeyless Vault based on the permissions assigned to the token.
Secret Revokement URL: https://docs.akeyless.io/docs/revoke-tokens
Secret Example: p-1234abcd-5678-efgh-ijkl-mnopqrstuvwx
Suspicious Activity Investigation Instructions:
-
Review access logs in the Akeyless audit trail for unusual access patterns or unauthorized access attempts.
-
Check for unexpected token usage from unfamiliar IP addresses or outside normal working hours.
-
Monitor for unusual secret access or high-volume retrieval of sensitive information.
-
Verify if the token has been used to create or modify access roles or permissions.
-
Examine authentication events for failed login attempts using the compromised token.
Mitigation Instructions:
-
Immediately revoke the compromised token through the Akeyless web interface or API.
-
Navigate to the Akeyless console and go to the "Access Management" section.
-
Locate the affected token in the list and select "Revoke".
-
Generate a new token with appropriate permissions if needed.
-
Review and update access policies to enforce the Principle of Least Privilege.
-
Enable additional security controls such as IP restrictions and time-based access.
-
Consider implementing automatic token rotation policies.
-
Update any applications or services that were using the compromised token with the new credentials.