IBM Cloudant API Key
Service Name: IBM Cloudant
Service Description: IBM Cloudant is a fully managed, distributed database optimized for heavy workloads and fast-growing web and mobile applications. It's based on Apache CouchDB and provides a JSON document store with high availability, scalability, and durability.
Service Address: https://www.ibm.com/cloud/cloudant
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the service level through IBM Cloud IAM policies and network access policies.
Secret Access Scope: Grants programmatic access to IBM Cloudant databases and their associated operations including read, write, and administrative functions depending on the permissions assigned to the API key.
Secret Revokement URL: https://cloud.ibm.com/docs/Cloudant?topic=Cloudant-work-with-your-account#creating-api-keys
Secret Example: eyJraWQiOiIyMDIzMDcxMDE2NTkiLCJhbGciOiJSUzI1NiJ9.eyJpYW1faWQiOiJJQk1pZC0xMjM0NTY3ODkwIiwiaWQiOiJJQk1pZC0xMjM0NTY3ODkwIiwicmVhbG1pZCI6IklCTWlkIiwianRpIjoiYWJjZGVmMTIzNDU2Nzg5MCIsImlkZW50aWZpZXIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkNsb3VkYW50QVBJIiwic3ViIjoiY2xvdWRhbnQtYXBpIiwic3ViX3R5cGUiOiJzZXJ2aWNlSWQiLCJpYXQiOjE2MjM0NTY3ODksImV4cCI6MTYyMzQ2MDM4OX0.Signature
Suspicious Activity Investigation Instructions:
- Review IBM Cloud Activity Tracker logs for unusual API calls or database access patterns.
- Check for unexpected database operations, especially bulk operations or deletions.
- Monitor for unauthorized replication attempts or changes to database permissions.
- Examine access logs for connections from unfamiliar IP addresses or locations.
- Review database usage metrics for unusual spikes in read/write operations.
Mitigation Instructions:
- Log in to the IBM Cloud console.
- Navigate to your Cloudant instance.
- Go to Service credentials section.
- Identify the compromised API key and delete it.
- Create a new API key with appropriate permissions.
- Update all legitimate applications to use the new API key.
- Review and update IAM policies to ensure proper access controls.
- Enable multi-factor authentication for IBM Cloud account if not already enabled.
- Consider implementing IP allowlisting for your Cloudant instance if appropriate for your use case.