Skip to content

Envkey API Key

Service Name: EnvKey

Service Description: EnvKey is a service that helps developers manage environment variables and secrets across development teams and environments. It provides a secure way to store, share, and sync configuration data for applications.

Service Address: https://www.envkey.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the organization level through EnvKey's access controls.

Secret Access Scope: Grants programmatic access to EnvKey's API, allowing management of environment variables, secrets, and configuration data across different environments.

Secret Revokement URL: https://app.envkey.com/account/access_tokens

Secret Example: envkey_123abc456def789ghi0jkl1mno2pqr3stu4vwx5yz

Suspicious Activity Investigation Instructions:

  • Review EnvKey audit logs for unusual access patterns or configuration changes.
  • Check for unauthorized environment variable or secret access.
  • Monitor for unexpected changes to environment configurations.
  • Verify if there were any unauthorized exports of environment data.
  • Look for API calls from unusual locations or IP addresses.

Mitigation Instructions:

  • Log in to your EnvKey account at https://app.envkey.com/.
  • Go to Account Settings > Access Tokens.
  • Locate the compromised API key and select Revoke.
  • Generate a new API key if needed.
  • Update the API key in all legitimate applications and services.
  • Review and update access permissions for users who had access to the compromised key.
  • Consider implementing more restrictive access controls for sensitive environment variables.