HashiCorp Boundary Token
Service Name: HashiCorp Boundary
Service Description: HashiCorp Boundary is a secure remote access solution that provides identity-based access controls for dynamic infrastructure. It enables fine-grained authorization for users to access hosts and services across different environments without exposing the underlying network.
Service Address: https://www.boundaryproject.io/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the target level using Boundary's policies and scopes.
Secret Access Scope: Grants authenticated access to resources defined within Boundary's scopes and targets. Tokens are used for authentication and authorization to access protected resources.
Secret Revokement URL: https://developer.hashicorp.com/boundary/docs/concepts/security/tokens#token-revocation
Secret Example: at_1234567890abcdefghijklmnopqrstuvwxyz01234567890abcdefghijk
Suspicious Activity Investigation Instructions:
- Review Boundary audit logs for unusual access patterns or unauthorized target connections.
- Check for unexpected session creations or access attempts from unusual locations.
- Monitor for changes in scope configurations or target definitions.
- Verify if there are any unauthorized privilege escalations within the Boundary system.
- Examine authentication logs for failed login attempts or brute force attacks.
Mitigation Instructions:
- Revoke the compromised token immediately using the Boundary CLI:
boundary tokens revoke -token <token_id>. - Rotate all affected credentials that may have been accessed through the compromised token.
- Review and update access policies to enforce the Principle of Least Privilege.
- Enable more granular session recording and monitoring for sensitive targets.
- Implement shorter token TTLs (Time-To-Live) for future tokens to reduce the window of exposure.
- Consider implementing just-in-time access provisioning for sensitive resources.
- Update Boundary to the latest version to ensure all security patches are applied.