IBM Key Protect API Key
Service Name: IBM Key Protect
Service Description: IBM Key Protect is a cloud-based key management service that enables you to provision encrypted keys for applications across IBM Cloud services. It provides a centralized solution to create, import, store, and manage encryption keys used by IBM Cloud services or your custom applications.
Service Address: https://cloud.ibm.com/catalog/services/key-protect
Validation Type: API Auth
IP Allow list: IP restrictions can be configured through IBM Cloud IAM policies and network access policies.
Secret Access Scope: Grants programmatic access to create, retrieve, update, and delete encryption keys in IBM Key Protect service. Can be used to manage key policies, rotate keys, and perform cryptographic operations.
Secret Revokement URL: https://cloud.ibm.com/iam/apikeys
Secret Example: Yl2mVD8gC4rJxOvWBTEcPuVMdNKmPXRYZ9tLsQwF3jH7kAb5nZ
Suspicious Activity Investigation Instructions:
- Review IBM Cloud Activity Tracker logs for unusual API calls related to Key Protect.
- Check for unexpected key creation, deletion, or rotation events.
- Monitor for unauthorized access attempts or unusual IP addresses accessing the service.
- Review IAM access policies to ensure they're properly configured.
- Check for any unexpected changes to key policies or permissions.
Mitigation Instructions:
- Log in to the IBM Cloud console.
- Navigate to Manage > Access (IAM) > API keys.
- Locate the compromised API key and click on it.
- Click the Delete button to revoke the key.
- Create a new API key with appropriate access controls.
- Update any applications or services that were using the old key.
- Consider implementing more restrictive IAM policies for the new key.
- Enable multi-factor authentication for IBM Cloud accounts if not already enabled.
- Review and update key rotation policies to ensure regular key rotation.