Oracle Cloud API Key
Service Name: Oracle Cloud Infrastructure
Service Description: Oracle Cloud Infrastructure (OCI) is Oracle's cloud computing platform that provides a wide range of cloud services including compute, storage, networking, databases, and more. API keys are used for authenticating with OCI APIs.
Service Address: https://www.oracle.com/cloud/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the network security level using Security Lists, Network Security Groups, and VCN (Virtual Cloud Network) configurations.
Secret Access Scope: Grants programmatic access to Oracle Cloud Infrastructure resources and services based on the permissions of the user the API key is associated with.
Secret Revokement URL: https://docs.oracle.com/en-us/iaas/Content/API/Concepts/apisigningkey.htm#Managing_Keys_and_OCIDs
Secret Example: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Hgk5OE4zNYI9RTE3fK4LCQnVFGJuX CG/ZXzjcbqODmUzEr5GsH+7yUDTnFJUTHyZnLuZtEjIHGn0SbXnMFmCECKKLXELbQO8BLP0MsOQ 9QGQ/TDTgjTNI0XqgKRJZznh/RVv+5lFNNJA9jY0eCCGGU0jIGVIHK4qw4o4ew4s7JY1UhQTTIU n5JZEEWxjGBnWrX6ufHQZUVh1q9fYyUeKjkS
Suspicious Activity Investigation Instructions:
- Review OCI Audit logs for unusual API calls or resource access
- Check for unauthorized changes to resources or configurations
- Monitor for unusual geographic access patterns
-
Examine resource usage for unexpected spikes or anomalies
-
Review network traffic patterns for suspicious connections
Mitigation Instructions:
- Log in to the Oracle Cloud Infrastructure Console
- Navigate to Identity > Users > User Details
- Select the API Keys tab
- Locate the compromised API key
- Click Delete to revoke the key
- Generate a new API key if needed
- Review and update IAM policies to limit access
- Enable multi-factor authentication for the affected user
- Consider implementing a key rotation policy
- Monitor for any continued unauthorized access