Skip to content

Pinecone API Key

Service Name: Pinecone

Service Description: Pinecone is a vector database service that provides high-performance vector similarity search for machine learning applications, enabling efficient storage and retrieval of vector embeddings for AI applications like semantic search, recommendation systems, and more.

Service Address: https://www.pinecone.io/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the project level through Pinecone's security settings.

Secret Access Scope: Grants full access to manage and query vector databases within a Pinecone project, including creating indexes, inserting vectors, querying vectors, and managing metadata.

Secret Revokement URL: https://app.pinecone.io/organizations/\[org-id\]/projects/\[project-id\]/api-keys

Secret Example: bb8e7d42-7c54-4b01-9e9a-e8f47b384628

Suspicious Activity Investigation Instructions:

  • Review Pinecone logs for unusual query patterns or high volumes of requests

  • Check for unauthorized index creation or deletion

  • Monitor for data exfiltration through excessive vector retrievals

  • Examine API usage metrics for anomalous spikes in activity

  • Verify if the key has been used from unusual geographic locations

Mitigation Instructions:

  • Log in to the Pinecone console at https://app.pinecone.io/

  • Navigate to your organization and project settings

  • Go to the API Keys section

  • Identify the compromised API key

  • Click "Revoke" or "Delete" to invalidate the key

  • Create a new API key with appropriate permissions

  • Update your applications with the new key

  • Consider implementing more restrictive permissions for the new key

  • Enable monitoring and alerts for unusual API activity

  • Review and update your secret management practices