Cloudinary API Key
Service Name: Cloudinary
Service Description: Cloudinary is a cloud-based service that provides an end-to- end image and video management solution including uploads, storage, manipulations, optimizations and delivery.
Service Address: https://cloudinary.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the account level through Cloudinary's security settings.
Secret Access Scope: Grants programmatic access to Cloudinary's API for managing media assets, including uploading, transforming, and delivering images and videos.
Secret Revokement URL: https://cloudinary.com/console/settings/security
Secret Example: 123456789012345678901234
Suspicious Activity Investigation Instructions:
- Review Cloudinary usage logs for unusual activity or unauthorized access
- Check for unexpected media uploads, deletions, or transformations
- Monitor for unusual bandwidth or storage usage spikes
- Verify API calls from unexpected geographic locations
- Review access patterns for off-hours usage or unusual volume of requests
Mitigation Instructions:
- Log in to your Cloudinary Management Console
- Navigate to Settings > Security
-
Locate the compromised API key
-
Click "Revoke" or "Delete" to invalidate the key
- Generate a new API key with appropriate restrictions
- Update your applications with the new API key
- Consider implementing delivery restrictions and URL signing for enhanced
security
- Enable notifications for suspicious activities
- Review and update your security settings, including IP restrictions if applicable