Keeper Secrets Manager Key
Service Name: Keeper Security
Service Description: Keeper Secrets Manager is a zero-knowledge, cloud-based vault for securing infrastructure secrets such as API keys, database passwords, access keys, certificates and any type of confidential data.
Service Address: https://keepersecurity.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the account level through Keeper's Enterprise controls.
Secret Access Scope: Grants programmatic access to secrets stored in Keeper's vault, allowing applications to retrieve credentials, keys, and other sensitive information.
Secret Revokement URL: https://docs.keeper.io/secrets-manager/secrets-manager/secrets-manager-configuration/application-configuration
Secret Example: US:AKCp8jQcoDVtNf3kPMzzJyRJw9KoiyDQnWPGl1G4U65CT6OdPQXAMPLEKEY
Suspicious Activity Investigation Instructions:
- Review access logs in the Keeper Admin Console for unusual access patterns
- Check for unauthorized applications accessing the Secrets Manager
- Monitor for unusual volume or frequency of secret retrievals
- Verify if secrets have been accessed from unusual locations or IP addresses
- Review audit logs for any changes to secret permissions or configurations
Mitigation Instructions:
- Immediately revoke the compromised Secrets Manager key in the Keeper Admin
Console
- Generate a new Secrets Manager key for legitimate applications
- Update all applications using the old key with the newly generated key
- Review and adjust access permissions for the affected secrets
- Enable additional security controls such as IP restrictions if not already in place
- Consider implementing just-in-time access for critical secrets
- Review and update secret rotation policies to minimize exposure