OVH API Key
Service Name: OVH Cloud
Service Description: OVH is a global cloud service provider offering web hosting, dedicated servers, cloud computing, and telecommunications services. OVH API keys are used to authenticate and authorize API requests to OVH's services.
Service Address: https://www.ovh.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the API key level to limit access to specific IP addresses.
Secret Access Scope: Grants programmatic access to OVH Cloud resources and services based on the permissions assigned to the API key.
Secret Revokement URL: https://www.ovh.com/manager/#/dedicated/api/credentials
Secret Example: MC3BEbwPOp7sxjrnIJGKA8NIxRyqXQxS
Suspicious Activity Investigation Instructions:
- Review API logs for unusual or unauthorized API calls
- Check for resource modifications or creations that were not authorized
- Monitor for unusual traffic patterns or access from unexpected locations
- Verify if there are any new services or resources provisioned without authorization
- Check for changes in billing or unexpected charges
Mitigation Instructions:
- Log in to the OVH Control Panel at https://www.ovh.com/manager/
-
Navigate to the API section under "My Account"
-
Locate the compromised API key in the list of credentials
- Click on the "Delete" button next to the compromised key
- Generate a new API key with appropriate permissions if needed
- Implement IP restrictions on the new API key to limit access
- Review and update your secret management practices to prevent future
exposures
- Audit all resources for unauthorized changes and revert if necessary