Skip to content

IBM Cloud API Key

Service Name: IBM Cloud

Service Description: IBM Cloud is a suite of cloud computing services from IBM that offers both platform as a service (PaaS) and infrastructure as a service (IaaS). It provides a range of services including compute, storage, networking, database, analytics, AI, IoT, and more.

Service Address: https://cloud.ibm.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the service level using IBM Cloud Security Groups and Access Control Lists (ACLs).

Secret Access Scope: Grants programmatic access to IBM Cloud resources and services based on the permissions assigned to the API key. Can be used to authenticate with IBM Cloud CLI, SDKs, and REST APIs.

Secret Revokement URL: https://cloud.ibm.com/iam/apikeys

Secret Example: IBMCloud_API_Key-abcdefghijklmnopqrstuvwxyz0123456789ABCD

Suspicious Activity Investigation Instructions:

  • Review IBM Cloud Activity Tracker logs for unusual API calls or resource access.
  • Check IBM Cloud console for unexpected resource creation or modification.
  • Monitor for unauthorized service usage or unusual geographic access patterns.
  • Review IAM access policies associated with the compromised API key.
  • Check for unexpected billing increases that might indicate resource abuse.

Mitigation Instructions:

  • Log in to the IBM Cloud console at IBM Cloud.
  • Navigate to Manage > Access (IAM) > API keys.
  • Locate the compromised API key in the list.
  • Click the "Actions" menu (three dots) next to the key and select Delete.
  • Confirm the deletion when prompted.
  • Create a new API key with appropriate permissions if needed.
  • Update any applications, scripts, or services that were using the old API key.
  • Consider implementing more restrictive IAM policies for the new API key.
  • Enable multi-factor authentication for your IBM Cloud account if not already enabled.