Skip to content

Cloudinary API Key

Service Name: Cloudinary

Service Description: Cloudinary is a cloud-based service that provides an end-to- end image and video management solution including uploads, storage, manipulations, optimizations and delivery.

Service Address: https://cloudinary.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the account level through Cloudinary's security settings.

Secret Access Scope: Grants programmatic access to Cloudinary's API for managing media assets, including uploading, transforming, and delivering images and videos.

Secret Revokement URL: https://cloudinary.com/console/settings/security

Secret Example: 123456789012345678901234

Suspicious Activity Investigation Instructions:

  • Review Cloudinary usage logs for unusual activity or unauthorized access
  • Check for unexpected media uploads, deletions, or transformations
  • Monitor for unusual bandwidth or storage usage spikes
  • Verify API calls from unexpected geographic locations
  • Review access patterns for off-hours usage or unusual volume of requests

Mitigation Instructions:

  • Log in to your Cloudinary Management Console
  • Navigate to Settings > Security
  • Locate the compromised API key

  • Click "Revoke" or "Delete" to invalidate the key

  • Generate a new API key with appropriate restrictions
  • Update your applications with the new API key
  • Consider implementing delivery restrictions and URL signing for enhanced

security

  • Enable notifications for suspicious activities
  • Review and update your security settings, including IP restrictions if applicable