Skip to content

DBT Cloud API Key

Service Name: DBT Cloud

Service Description: DBT Cloud is a managed service for data transformation that helps data teams build, test, deploy, and monitor data transformations in the cloud. It provides a collaborative environment for data analysts and engineers to work with SQL-based data transformations.

Service Address: https://cloud.getdbt.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the account level in DBT Cloud settings.

Secret Access Scope: Grants programmatic access to DBT Cloud resources, including projects, environments, jobs, and runs. Can be used to trigger jobs, fetch run information, and manage DBT Cloud resources.

Secret Revokement URL: https://cloud.getdbt.com/settings/profile/api-tokens

Secret Example: dbt_cloud_01234567890abcdefghijklmnopqrstuvwxyz

Suspicious Activity Investigation Instructions:

  • Review the API token usage history in DBT Cloud audit logs.
  • Check for unauthorized job runs or modifications to DBT projects.
  • Monitor for unusual patterns of API calls, especially those modifying environments or credentials.
  • Verify if the token was used from unexpected IP addresses or locations.
  • Review any changes to data models or transformations that might have been made through the API.

Mitigation Instructions:

  • Log in to your DBT Cloud account and navigate to Account Settings.
  • Go to the "Profile" section and select "API Tokens".
  • Locate the compromised token and click "Revoke".
  • Create a new API token with appropriate permissions if needed.
  • Update any legitimate applications or services that were using the revoked token.
  • Consider implementing more restrictive IP allow lists for API access.
  • Review and update user permissions to ensure the Principle of Least Privilege.