Couchbase API Token
Service Name: Couchbase
Service Description: Couchbase is a distributed NoSQL cloud database that delivers unmatched versatility, performance, scalability, and financial value for modern applications. It provides a flexible JSON data model, real-time data processing, and enterprise-grade security.
Service Address: https://www.couchbase.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the cluster level through Couchbase's security settings.
Secret Access Scope: Grants programmatic access to Couchbase databases, clusters, and services. Depending on the token's permissions, it can allow read/write operations, administrative functions, and access to specific buckets.
Secret Revokement URL: https://docs.couchbase.com/server/current/rest-api/rest-token-management.html
Secret Example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJjb3VjaGJhc2UiLCJleHAiOjE2O Tg3NjU0MzB9.8dKoKbVSaIYLkrMXqrIXHiEfB7zQqg2jsXZE5EXAMPLE
Suspicious Activity Investigation Instructions:
- Review Couchbase audit logs for unusual query patterns or data access
- Check for unexpected spikes in database operations or traffic
- Monitor for unauthorized access attempts from unfamiliar IP addresses
- Examine user activity logs for operations outside normal business hours
- Look for unusual data export operations or bulk retrievals
Mitigation Instructions:
- Immediately revoke the compromised API token through the Couchbase Web
Console
- Generate a new API token with appropriate permissions
- Update all applications using the old token with the new credentials
- Review and adjust token permissions to follow the principle of least privilege
- Enable IP allowlisting for API access if not already configured
- Consider implementing shorter token expiration periods
- Update your secret management system to rotate tokens regularly
- Review audit logs to assess the extent of any potential breach