Skip to content

Looker Embed Secret

Service Name: Looker (Google Cloud)

Service Description: Looker is a business intelligence software and big data analytics platform that helps organizations explore, analyze, and share real-time business analytics. It allows users to create and share dashboards, reports, and visualizations based on their data.

Service Address: https://looker.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the Looker instance level through allowlisting specific IP addresses or ranges.

Secret Access Scope: Looker embed secrets grant access to embed Looker dashboards, looks, and explores into third-party applications. These secrets allow for secure embedding of Looker content with specific user permissions.

Secret Revokement URL: https://docs.looker.com/admin-options/settings/embed

Secret Example: abcdef123456789ghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ

Suspicious Activity Investigation Instructions:

  • Review Looker admin logs for unusual embedding activity or unauthorized access attempts
  • Check for unexpected embedded content appearing in applications
  • Monitor for unusual traffic patterns to embedded Looker content
  • Review user activity logs for any suspicious actions related to embedded content
  • Check for unauthorized changes to embed settings or permissions

Mitigation Instructions:

  • Log in to your Looker instance as an administrator
  • Navigate to Admin > Embed in the Looker interface
  • Locate the compromised embed secret
  • Click "Disable" to immediately revoke access for the secret
  • Generate a new embed secret if needed for legitimate use cases
  • Update any legitimate applications with the new embed secret
  • Review and restrict embed domains to only authorized websites
  • Consider implementing additional IP restrictions for embed access
  • Audit all embed usage and permissions to ensure proper configuration