IBM Hyper Protect
Crypto Services Key
Service Name: IBM Hyper Protect Crypto Services
Service Description: IBM Hyper Protect Crypto Services is a dedicated key management service and hardware security module (HSM) offering that provides cloud-based cryptographic key management and FIPS 140-2 Level 4 certified hardware security modules (HSMs) to help protect sensitive data and applications in the IBM Cloud.
Service Address: https://cloud.ibm.com/catalog/services/hyper-protect-crypto-services
Validation Type: API Auth
IP Allow list: IP restrictions can be configured through IBM Cloud IAM policies and network access policies.
Secret Access Scope: Grants access to cryptographic operations, key management functions, and secure key storage within IBM Hyper Protect Crypto Services.
Secret Revokement URL: https://cloud.ibm.com/docs/hs-crypto?topic=hs-crypto-delete-api-keys
Secret Example: IC-API-KEY:a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0
Suspicious Activity Investigation Instructions:
- Review IBM Cloud Activity Tracker logs for unauthorized API calls or key operations.
- Check for unusual patterns of cryptographic operations or key access.
- Monitor for unexpected key creation, deletion, or rotation events.
- Examine access logs for unusual IP addresses or times of access.
- Review IBM Cloud IAM access policies for any unauthorized changes.
Mitigation Instructions:
- Immediately rotate the compromised API key through the IBM Cloud console.
- Navigate to IBM Cloud IAM > API keys and delete the compromised key.
- Create a new API key with appropriate access restrictions.
- Update all applications and services using the old key with the new key.
- Review and restrict IAM policies to enforce the Principle of Least Privilege.
- Enable multi-factor authentication for IBM Cloud accounts.
- Consider implementing automated key rotation policies.
- Set up alerts for suspicious key usage patterns.