DBT Cloud API Key
Service Name: DBT Cloud
Service Description: DBT Cloud is a managed service for data transformation that helps data teams build, test, deploy, and monitor data transformations in the cloud. It provides a collaborative environment for data analysts and engineers to work with SQL-based data transformations.
Service Address: https://cloud.getdbt.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the account level in DBT Cloud settings.
Secret Access Scope: Grants programmatic access to DBT Cloud resources, including projects, environments, jobs, and runs. Can be used to trigger jobs, fetch run information, and manage DBT Cloud resources.
Secret Revokement URL: https://cloud.getdbt.com/settings/profile/api-tokens
Secret Example: dbt_cloud_01234567890abcdefghijklmnopqrstuvwxyz
Suspicious Activity Investigation Instructions:
- Review the API token usage history in DBT Cloud audit logs.
- Check for unauthorized job runs or modifications to DBT projects.
- Monitor for unusual patterns of API calls, especially those modifying environments or credentials.
- Verify if the token was used from unexpected IP addresses or locations.
- Review any changes to data models or transformations that might have been made through the API.
Mitigation Instructions:
- Log in to your DBT Cloud account and navigate to Account Settings.
- Go to the "Profile" section and select "API Tokens".
- Locate the compromised token and click "Revoke".
- Create a new API token with appropriate permissions if needed.
- Update any legitimate applications or services that were using the revoked token.
- Consider implementing more restrictive IP allow lists for API access.
- Review and update user permissions to ensure the Principle of Least Privilege.