Skip to content

IBM Hyper Protect

Crypto Services Key

Service Name: IBM Hyper Protect Crypto Services

Service Description: IBM Hyper Protect Crypto Services is a dedicated key management service and hardware security module (HSM) offering that provides cloud-based cryptographic key management and FIPS 140-2 Level 4 certified hardware security modules (HSMs) to help protect sensitive data and applications in the IBM Cloud.

Service Address: https://cloud.ibm.com/catalog/services/hyper-protect-crypto-services

Validation Type: API Auth

IP Allow list: IP restrictions can be configured through IBM Cloud IAM policies and network access policies.

Secret Access Scope: Grants access to cryptographic operations, key management functions, and secure key storage within IBM Hyper Protect Crypto Services.

Secret Revokement URL: https://cloud.ibm.com/docs/hs-crypto?topic=hs-crypto-delete-api-keys

Secret Example: IC-API-KEY:a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0

Suspicious Activity Investigation Instructions:

  • Review IBM Cloud Activity Tracker logs for unauthorized API calls or key operations.
  • Check for unusual patterns of cryptographic operations or key access.
  • Monitor for unexpected key creation, deletion, or rotation events.
  • Examine access logs for unusual IP addresses or times of access.
  • Review IBM Cloud IAM access policies for any unauthorized changes.

Mitigation Instructions:

  • Immediately rotate the compromised API key through the IBM Cloud console.
  • Navigate to IBM Cloud IAM > API keys and delete the compromised key.
  • Create a new API key with appropriate access restrictions.
  • Update all applications and services using the old key with the new key.
  • Review and restrict IAM policies to enforce the Principle of Least Privilege.
  • Enable multi-factor authentication for IBM Cloud accounts.
  • Consider implementing automated key rotation policies.
  • Set up alerts for suspicious key usage patterns.