Skip to content

HashiCorp Vault Key

Service Name: HashiCorp Vault

Service Description: HashiCorp Vault is a secrets management tool that securely stores and controls access to tokens, passwords, certificates, API keys, and other secrets. It handles leasing, key revocation, key rolling, and auditing, and can be used to manage secrets, encrypt/decrypt data, and generate dynamic credentials.

Service Address: https://www.vaultproject.io/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured through Vault's access control policies and network segmentation.

Secret Access Scope: Grants access to secrets stored in HashiCorp Vault, including the ability to read, write, and manage secrets depending on the token's policies.

Secret Revokement URL: https://developer.hashicorp.com/vault/docs/concepts/tokens#token-revocation

Secret Example: hvs.CAESIJyR7yM1CUQ4_iyB-7HFIUhUCIzg3ZZfqEzGXvUYmXJnGh4KHGh2cy5jQVVTRnhPejVEVFh1UmVwVXFQZDFzNmI

Suspicious Activity Investigation Instructions:

  • Review Vault audit logs for unusual access patterns or unauthorized operations
  • Check for unexpected token creations, policy changes, or secret access
  • Monitor for unusual authentication attempts or failed logins
  • Verify if any secrets were unexpectedly modified or accessed
  • Examine the IP addresses and times of suspicious access events

Mitigation Instructions:

  • Immediately revoke the compromised token using the Vault CLI: vault token revoke <token>
  • Rotate any secrets that may have been accessed by the compromised token
  • Review and update Vault access policies to enforce the Principle of Least Privilege
  • Enable or review Vault's audit logging to track future access
  • Consider implementing shorter TTLs (Time-To-Live) for tokens to limit exposure
  • Update any applications using the revoked token with new credentials
  • Consider implementing multi-factor authentication for Vault access