CloudTruth API Key
Service Name: CloudTruth
Service Description: CloudTruth is a configuration management platform that helps organizations manage parameters, secrets, and configurations across different environments. It provides centralized control over application configurations and infrastructure settings.
Service Address: https://cloudtruth.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the organization level through CloudTruth's access controls.
Secret Access Scope: Grants programmatic access to CloudTruth's API, allowing management of parameters, secrets, and configurations across environments.
Secret Revokement URL: https://cloudtruth.com/docs/api-keys
Secret Example: ct_api_aBcD1234efGH5678ijKL9012mnOP3456qrST7890
Suspicious Activity Investigation Instructions:
- Review CloudTruth audit logs for unusual API calls or parameter changes
- Check for unauthorized modifications to parameters or configurations
- Monitor for unexpected environment creation or deletion
- Look for unusual access patterns or access from unfamiliar locations
- Review parameter value changes, especially in sensitive environments
Mitigation Instructions:
- Log in to your CloudTruth account and navigate to the API Keys section
- Identify and revoke the compromised API key immediately
-
Create a new API key with appropriate permissions if needed
-
Review and update any parameters or secrets that may have been exposed
- Enable additional security features like IP restrictions if available
- Review access logs to understand the scope of potential compromise
- Update any downstream systems that may have been affected by unauthorized
configuration changes
- Consider rotating other secrets that may have been accessible via the
compromised key