Envkey API Key
Service Name: EnvKey
Service Description: EnvKey is a service that helps developers manage environment variables and secrets across development teams and environments. It provides a secure way to store, share, and sync configuration data for applications.
Service Address: https://www.envkey.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the organization level through EnvKey's access controls.
Secret Access Scope: Grants programmatic access to EnvKey's API, allowing management of environment variables, secrets, and configuration data across different environments.
Secret Revokement URL: https://app.envkey.com/account/access_tokens
Secret Example: envkey_123abc456def789ghi0jkl1mno2pqr3stu4vwx5yz
Suspicious Activity Investigation Instructions:
- Review EnvKey audit logs for unusual access patterns or configuration changes.
- Check for unauthorized environment variable or secret access.
- Monitor for unexpected changes to environment configurations.
- Verify if there were any unauthorized exports of environment data.
- Look for API calls from unusual locations or IP addresses.
Mitigation Instructions:
- Log in to your EnvKey account at https://app.envkey.com/.
- Go to Account Settings > Access Tokens.
- Locate the compromised API key and select Revoke.
- Generate a new API key if needed.
- Update the API key in all legitimate applications and services.
- Review and update access permissions for users who had access to the compromised key.
- Consider implementing more restrictive access controls for sensitive environment variables.