Directus Admin Key
Service Name: Directus
Service Description: Directus is an open-source headless CMS (Content Management System) that provides a real-time API and intuitive admin app for managing database content. It allows developers to build custom solutions while providing non-technical users with a friendly interface for content management.
Service Address: https://directus.io/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the server level through environment variables or custom middleware.
Secret Access Scope: Grants full administrative access to the Directus instance, including all collections, files, users, and system settings.
Secret Revokement URL: https://docs.directus.io/self-hosted/config-options.html#security
Secret Example: directus_admin_1a2b3c4d5e6f7g8h9i0j
Suspicious Activity Investigation Instructions:
- Review the activity logs in the Directus admin panel for unauthorized access or suspicious operations.
- Check for unexpected changes to collections, fields, or user permissions.
- Monitor for unusual API requests or data exports in server logs.
- Verify if any new admin users have been created without authorization.
- Examine file uploads for potentially malicious content.
Mitigation Instructions:
-
Immediately generate a new admin key by updating the ADMIN_API_KEY environment variable in your Directus configuration.
-
Restart the Directus service to apply the new key.
- Update any legitimate applications or services that use the admin key with the new value.
- Consider implementing IP restrictions for admin access through environment variables.
- Review and potentially revoke access for any suspicious user accounts.
- Enable two-factor authentication for all admin users if not already enabled.
- Consider implementing a token rotation policy for regular key changes.