IBM Watson Text to Speech Key
Service Name: IBM Watson Text to Speech
Service Description: IBM Watson Text to Speech is a cloud service that converts written text into natural-sounding audio in a variety of languages and voices, using advanced deep learning technologies to synthesize human-like speech.
Service Address: https://www.ibm.com/cloud/watson-text-to-speech
Validation Type: API Auth
IP Allow list: IP restrictions can be configured through IBM Cloud IAM settings
Secret Access Scope: Grants programmatic access to IBM Watson Text to Speech API services, allowing applications to convert text to audio.
Secret Revokement URL: https://cloud.ibm.com/iam/apikeys
Secret Example: IBMWatsonTextToSpeech_API_KEY_12345abcdefghijklmnopqrstuvwxyz
Suspicious Activity Investigation Instructions:
- Review IBM Cloud Activity Tracker logs for unusual API calls or usage patterns
- Check for unexpected spikes in service usage or billing
- Monitor for API calls from unfamiliar IP addresses or locations
- Examine application logs for unauthorized integration with the Text to Speech service
- Verify if the key has been used in applications or environments it shouldn't be used in
Mitigation Instructions:
- Log in to the IBM Cloud console at https://cloud.ibm.com
-
Navigate to Manage > Access (IAM) > API keys
-
Locate the compromised API key in the list
- Click the "Actions" menu (three dots) next to the key and select "Delete"
- Create a new API key with appropriate access restrictions
- Update all legitimate applications with the new API key
- Consider implementing more restrictive access policies using IBM Cloud IAM
- Enable service-specific restrictions where available
- Review and update your secret management practices to prevent future
exposures