Skip to content

IBM Event Streams API Key

Service Name: IBM Event Streams

Service Description: IBM Event Streams is a high-throughput message bus built with Apache Kafka that enables applications and services to communicate with each other using event-driven architecture. It provides a fully managed Apache Kafka service that simplifies the process of running Apache Kafka and makes it easier to build event-driven applications.

Service Address: https://cloud.ibm.com/catalog/services/event-streams

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the service level through IBM Cloud IAM policies and network access policies.

Secret Access Scope: Grants programmatic access to IBM Event Streams instances, allowing applications to produce and consume messages, manage topics, and access Kafka administration features.

Secret Revokement URL: https://cloud.ibm.com/docs/EventStreams?topic=EventStreams-security#security_apikeys

Secret Example: T1BLZXk6a2V5OnVzLXNvdXRoOmExMjM0NTY3ODkwYWJjZGVmZ2hpams6MTIzNDU2Nzg5MGFiY2 RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6MTIzNDU2

Suspicious Activity Investigation Instructions:

  • Review IBM Cloud Activity Tracker logs for unusual API calls or access patterns
  • Check for unexpected topic creation, deletion, or configuration changes
  • Monitor for abnormal message throughput or consumption patterns
  • Verify if there are any unauthorized consumer groups accessing your data
  • Examine access logs for connections from unexpected IP addresses or locations

Mitigation Instructions:

  • Log in to the IBM Cloud console
  • Navigate to the Event Streams service instance
  • Go to Service credentials section
  • Identify the compromised API key
  • Delete the compromised API key by clicking the trash icon
  • Create a new API key with appropriate permissions
  • Update all legitimate applications with the new API key
  • Review and update IAM policies to ensure proper access controls
  • Consider implementing network access policies to restrict access by IP address
  • Enable audit logging if not already enabled to monitor future activity