Skip to content

OVH API Key

Service Name: OVH Cloud

Service Description: OVH is a global cloud service provider offering web hosting, dedicated servers, cloud computing, and telecommunications services. OVH API keys are used to authenticate and authorize API requests to OVH's services.

Service Address: https://www.ovh.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the API key level to limit access to specific IP addresses.

Secret Access Scope: Grants programmatic access to OVH Cloud resources and services based on the permissions assigned to the API key.

Secret Revokement URL: https://www.ovh.com/manager/#/dedicated/api/credentials

Secret Example: MC3BEbwPOp7sxjrnIJGKA8NIxRyqXQxS

Suspicious Activity Investigation Instructions:

  • Review API logs for unusual or unauthorized API calls
  • Check for resource modifications or creations that were not authorized
  • Monitor for unusual traffic patterns or access from unexpected locations
  • Verify if there are any new services or resources provisioned without authorization
  • Check for changes in billing or unexpected charges

Mitigation Instructions:

  • Log in to the OVH Control Panel at https://www.ovh.com/manager/
  • Navigate to the API section under "My Account"

  • Locate the compromised API key in the list of credentials

  • Click on the "Delete" button next to the compromised key
  • Generate a new API key with appropriate permissions if needed
  • Implement IP restrictions on the new API key to limit access
  • Review and update your secret management practices to prevent future

exposures

  • Audit all resources for unauthorized changes and revert if necessary