IBM Cloud Code Engine Project Key
Service Name: IBM Cloud Code Engine
Service Description: IBM Cloud Code Engine is a fully managed, serverless platform that runs your containerized workloads, including web apps, microservices, event-driven functions, or batch jobs. Code Engine even builds container images for you from your source code.
Service Address: https://cloud.ibm.com/codeengine/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the IBM Cloud account level using context-based restrictions
Secret Access Scope: Grants programmatic access to IBM Cloud Code Engine projects, allowing management of applications, jobs, builds, and other resources within a specific project.
Secret Revokement URL: https://cloud.ibm.com/iam/apikeys
Secret Example: IBMCLOUDAPIkey-1a2b3c4d5e6f7g8h9i0j1k2l3m4n5o6p7q8r9s0t
Suspicious Activity Investigation Instructions:
- Review IBM Cloud Activity Tracker logs for unusual API calls or resource access
- Check for unauthorized deployments or modifications to Code Engine projects
- Monitor for unexpected resource creation or deletion within Code Engine
- Verify if there are any unusual network egress patterns from Code Engine applications
- Check for unauthorized access from unexpected IP addresses or locations
Mitigation Instructions:
- Log in to the IBM Cloud console at https://cloud.ibm.com
- Navigate to Manage > Access (IAM) > API keys
- Locate the compromised API key in the list
- Click the "Actions" menu (three dots) next to the key and select Delete
- Create a new API key with appropriate access policies
- Update any applications or services using the old key with the new one
- Review and adjust IAM policies to enforce the Principle of Least Privilege.
- Consider implementing context-based restrictions to limit API key usage to specific IP ranges.
- Enable multi-factor authentication for IBM Cloud account access