OpenAI API Key
Service Name: OpenAI
Service Description: OpenAI is an AI research and deployment company that provides access to powerful language models like GPT-4, DALL-E, and other AI capabilities through its API platform.
Service Address: https://openai.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the organization level in OpenAI's dashboard.
Secret Access Scope: Grants programmatic access to OpenAI's models and services, including text generation, embeddings, fine-tuning, and image generation.
Secret Revokement URL: https://platform.openai.com/account/api-keys
Secret Example: sk-1234abcd5678efgh9012ijkl3456mnop7890qrst
Suspicious Activity Investigation Instructions:
- Review API usage logs in the OpenAI dashboard for unusual patterns or excessive requests.
- Check for unauthorized model access or unexpected usage spikes.
- Monitor billing for unexpected charges that might indicate unauthorized use.
- Verify if the key has been used from unusual geographic locations or IP addresses.
- Examine the types of requests made with the key to identify potential misuse.
Mitigation Instructions:
- Immediately revoke the compromised API key by navigating to the OpenAI API keys dashboard.
- Create a new API key to replace the compromised one.
- Update all legitimate applications and services to use the new API key.
- Implement proper secret management practices to store the new API key securely.
- Consider implementing usage limits and monitoring for the new API key.
- Review OpenAI's best practices for API key security and implement additional safeguards.
- If available, enable IP restrictions for your OpenAI organization to limit access to trusted networks.