Keywhiz API Key
Service Name: Keywhiz
Service Description: Keywhiz is a system for managing and distributing secrets like API keys, certificates, and passwords. It was developed by Square to help manage secrets across their infrastructure securely. Keywhiz provides a centralized system for storing, accessing, and distributing secrets to authorized services and applications.
Service Address: https://square.github.io/keywhiz/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the Keywhiz server level through access controls.
Secret Access Scope: Grants programmatic access to the Keywhiz API for managing secrets, including creating, retrieving, updating, and deleting secrets stored in the Keywhiz server.
Secret Revokement URL: https://square.github.io/keywhiz/apidocs/ (Specific revocation would be done through the Keywhiz admin interface)
Secret Example: kw_api_3a7c4f8b2e1d9a0e5f6b7c8d9e0f1a2b3c4d5e6f
Suspicious Activity Investigation Instructions:
- Review Keywhiz server logs for unusual API calls or access patterns
- Check for unauthorized secret access or modifications
- Monitor for unusual volume of secret retrievals
- Verify client authentication attempts and failures
- Examine audit logs for access from unexpected IP addresses or outside normal hours
Mitigation Instructions:
- Immediately rotate the compromised API key through the Keywhiz admin
interface
- Revoke the compromised API key and generate a new one
- Update all authorized applications with the new API key
- Review and update access control policies for the affected secrets
- Audit all secrets that may have been accessed using the compromised key
- Consider implementing more restrictive IP-based access controls
- Enable enhanced logging and monitoring for the new API key