Skip to content

IBM Kubernetes Service API Key

Service Name: IBM Cloud Kubernetes Service

Service Description: IBM Cloud Kubernetes Service is a managed container service that enables the deployment, management, and scaling of containerized applications on Kubernetes clusters hosted on IBM Cloud infrastructure.

Service Address: https://cloud.ibm.com/kubernetes/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the cluster level using network policies and security groups in IBM Cloud.

Secret Access Scope: Grants programmatic access to manage IBM Kubernetes Service clusters, including creating, updating, and deleting clusters, nodes, and other Kubernetes resources.

Secret Revokement URL: https://cloud.ibm.com/iam/apikeys

Secret Example: abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGH

Suspicious Activity Investigation Instructions:

  • Review IBM Cloud Activity Tracker logs for unusual API calls related to Kubernetes clusters
  • Check for unauthorized cluster access, node creation, or configuration changes
  • Monitor for unexpected workload deployments or service exposures
  • Verify network traffic patterns for unusual outbound connections from cluster nodes
  • Examine IAM logs for suspicious authentication attempts using the API key

Mitigation Instructions:

  • Log in to the IBM Cloud console at https://cloud.ibm.com
  • Navigate to Manage > Access (IAM) > API keys
  • Locate the compromised API key in the list
  • Click the "Actions" menu (three dots) next to the key and select Delete
  • Create a new API key with appropriate permissions if needed
  • Update all legitimate applications and services to use the new API key
  • Review and adjust IAM policies to enforce the Principle of Least Privilege
  • Consider implementing API key rotation policies for regular key changes
  • Enable multi-factor authentication for IBM Cloud accounts with administrative access