IBM Kubernetes Service API Key
Service Name: IBM Cloud Kubernetes Service
Service Description: IBM Cloud Kubernetes Service is a managed container service that enables the deployment, management, and scaling of containerized applications on Kubernetes clusters hosted on IBM Cloud infrastructure.
Service Address: https://cloud.ibm.com/kubernetes/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the cluster level using network policies and security groups in IBM Cloud.
Secret Access Scope: Grants programmatic access to manage IBM Kubernetes Service clusters, including creating, updating, and deleting clusters, nodes, and other Kubernetes resources.
Secret Revokement URL: https://cloud.ibm.com/iam/apikeys
Secret Example: abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGH
Suspicious Activity Investigation Instructions:
- Review IBM Cloud Activity Tracker logs for unusual API calls related to Kubernetes clusters
- Check for unauthorized cluster access, node creation, or configuration changes
- Monitor for unexpected workload deployments or service exposures
- Verify network traffic patterns for unusual outbound connections from cluster nodes
- Examine IAM logs for suspicious authentication attempts using the API key
Mitigation Instructions:
- Log in to the IBM Cloud console at https://cloud.ibm.com
- Navigate to Manage > Access (IAM) > API keys
- Locate the compromised API key in the list
- Click the "Actions" menu (three dots) next to the key and select Delete
- Create a new API key with appropriate permissions if needed
- Update all legitimate applications and services to use the new API key
- Review and adjust IAM policies to enforce the Principle of Least Privilege
- Consider implementing API key rotation policies for regular key changes
- Enable multi-factor authentication for IBM Cloud accounts with administrative access