Skip to content

FaunaDB Admin Key

Service Name: FaunaDB

Service Description: FaunaDB is a flexible, developer-friendly, transactional database delivered as a secure, cloud API with native GraphQL. It's a globally distributed, serverless database that combines the scalability of NoSQL with the relational capabilities and ACID consistency of SQL databases.

Service Address: https://fauna.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the account level through Fauna's security settings.

Secret Access Scope: Admin keys grant full access to all databases, collections, indexes, and documents within a Fauna account. They can create, read, update, and delete any resource, as well as manage users, roles, and permissions.

Secret Revokement URL: https://dashboard.fauna.com/keys/

Secret Example: fnAEpgT9XAACEgMQQISoGGWqsFFCDfgurC9kRSM

Suspicious Activity Investigation Instructions:

  • Review the Fauna Dashboard activity logs for unusual database operations.
  • Check for unexpected database, collection, or index creation.
  • Monitor for unusual query patterns or high-volume data access.
  • Look for unauthorized user creation or permission changes.
  • Examine API request logs for access from unfamiliar IP addresses or locations.

Mitigation Instructions:

  • Immediately revoke the compromised admin key through the Fauna Dashboard.
  • Create a new admin key with a different name to replace the compromised one.
  • Review and update any applications or services using the old key.
  • Consider implementing more granular access control by creating keys with limited scopes.
  • Enable IP-based restrictions for your Fauna account if not already in place.
  • Audit all database resources for unauthorized changes or data exfiltration.
  • Implement monitoring and alerting for suspicious database activities.