Hashicorp
Service Name: HashiCorp
Service Description: HashiCorp provides a suite of tools designed to manage the modern data center, including Vault (secrets management), Terraform (infrastructure as code), Consul (service networking), and Nomad (workload orchestration).
Service Address: https://www.hashicorp.com/
- Validation Type: -
- IP Allow list: Does not exist
- Secret Access Scope: Grants access to HashiCorp products like Vault,
Terraform, Consul, or Nomad depending on the token type.
- Secret Revokement URL: Does not exist
- Secret Example:
hvs.CAES7AQIAhIVZmRlZDQ5ZjYtZTk1My00YWRiLWI4OTItYzQ5MjUyNTk4NTI5Ggd2YXVsdC0xIiQKHGhrcy5DNmhzUkdWa2JHOXdMVzFoYzNSbGNpMXJaWGsQARoSCgZ2YXVsdC0xEggxNjgxNDQwMCIcCgZzeXN0ZW0SCAgBEgIWBxoCEgASBhIEGgIaAA - Suspicious Activity Investigation Instructions:
- Check HashiCorp product audit logs for unauthorized access or operations
- Review access patterns and unusual API calls
- Examine token usage history for anomalous activities
- Verify if the token has been used from unusual IP addresses or locations
- Check for unauthorized resource creation or modification
- Mitigation Instructions:
- Revoke the compromised token immediately through the respective HashiCorp product interface.
- For Vault tokens: Use
vault token revoke <token> - For Terraform Cloud tokens: Revoke through the user settings on the web UI
- For Consul tokens: Use
consul acl token delete <token> - Generate new tokens with appropriate permissions
- Review and update access policies to follow the Principle of Least Privilege
- Enable token TTLs (Time-To-Live) to automatically expire tokens
- Implement token rotation policies