Skip to content

Hashicorp

Service Name: HashiCorp

Service Description: HashiCorp provides a suite of tools designed to manage the modern data center, including Vault (secrets management), Terraform (infrastructure as code), Consul (service networking), and Nomad (workload orchestration).

Service Address: https://www.hashicorp.com/

  • Validation Type: -
  • IP Allow list: Does not exist
  • Secret Access Scope: Grants access to HashiCorp products like Vault,

Terraform, Consul, or Nomad depending on the token type.

  • Secret Revokement URL: Does not exist
  • Secret Example: hvs.CAES7AQIAhIVZmRlZDQ5ZjYtZTk1My00YWRiLWI4OTItYzQ5MjUyNTk4NTI5Ggd2YXVsdC0xIiQKHGhrcy5DNmhzUkdWa2JHOXdMVzFoYzNSbGNpMXJaWGsQARoSCgZ2YXVsdC0xEggxNjgxNDQwMCIcCgZzeXN0ZW0SCAgBEgIWBxoCEgASBhIEGgIaAA
  • Suspicious Activity Investigation Instructions:
  • Check HashiCorp product audit logs for unauthorized access or operations
  • Review access patterns and unusual API calls
  • Examine token usage history for anomalous activities
  • Verify if the token has been used from unusual IP addresses or locations
  • Check for unauthorized resource creation or modification
  • Mitigation Instructions:
  • Revoke the compromised token immediately through the respective HashiCorp product interface.
  • For Vault tokens: Use vault token revoke <token>
  • For Terraform Cloud tokens: Revoke through the user settings on the web UI
  • For Consul tokens: Use consul acl token delete <token>
  • Generate new tokens with appropriate permissions
  • Review and update access policies to follow the Principle of Least Privilege
  • Enable token TTLs (Time-To-Live) to automatically expire tokens
  • Implement token rotation policies