Skip to content

IBM Cloud IAM API Key

Service Name: IBM Cloud

Service Description: IBM Cloud is a suite of cloud computing services from IBM that offers both platform as a service (PaaS) and infrastructure as a service (IaaS). IBM Cloud IAM (Identity and Access Management) API keys are used for programmatic access to IBM Cloud resources.

Service Address: https://cloud.ibm.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the account level using IBM Cloud context-based restrictions.

Secret Access Scope: Grants programmatic access to IBM Cloud resources and services based on the permissions assigned to the user or service ID that created the API key.

Secret Revokement URL: https://cloud.ibm.com/iam/apikeys

Secret Example: IBMCl0ud-ApiK3y-AbCdEf1234GhIjKlMnOpQrStUvWxYz

Suspicious Activity Investigation Instructions:

  • Review IBM Cloud Activity Tracker logs for unusual API calls or resource access.
  • Check IBM Cloud console for unexpected resource creation or modification.
  • Monitor for unauthorized service usage or unusual geographic access patterns.
  • Review IAM access policies to ensure they haven't been modified unexpectedly.
  • Check for any new service IDs or API keys that may have been created without authorization.

Mitigation Instructions:

  • Log in to the IBM Cloud console at IBM Cloud.
  • Navigate to Manage > Access (IAM) > API keys.
  • Locate the compromised API key in the list.
  • Click the "Actions" menu (three dots) next to the key and select Delete.
  • Confirm the deletion when prompted.
  • Create a new API key with appropriate permissions if needed.
  • Review and update access policies to enforce the Principle of Least Privilege.
  • Enable multi-factor authentication for all users with access to the IBM Cloud account.
  • Consider implementing context-based restrictions to limit API key usage to specific IP ranges.