Pinecone API Key
Service Name: Pinecone
Service Description: Pinecone is a vector database service that provides high-performance vector similarity search for machine learning applications, enabling efficient storage and retrieval of vector embeddings for AI applications like semantic search, recommendation systems, and more.
Service Address: https://www.pinecone.io/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the project level through Pinecone's security settings.
Secret Access Scope: Grants full access to manage and query vector databases within a Pinecone project, including creating indexes, inserting vectors, querying vectors, and managing metadata.
Secret Revokement URL: https://app.pinecone.io/organizations/\[org-id\]/projects/\[project-id\]/api-keys
Secret Example: bb8e7d42-7c54-4b01-9e9a-e8f47b384628
Suspicious Activity Investigation Instructions:
-
Review Pinecone logs for unusual query patterns or high volumes of requests
-
Check for unauthorized index creation or deletion
-
Monitor for data exfiltration through excessive vector retrievals
-
Examine API usage metrics for anomalous spikes in activity
-
Verify if the key has been used from unusual geographic locations
Mitigation Instructions:
-
Log in to the Pinecone console at
https://app.pinecone.io/ -
Navigate to your organization and project settings
-
Go to the API Keys section
-
Identify the compromised API key
-
Click "Revoke" or "Delete" to invalidate the key
-
Create a new API key with appropriate permissions
-
Update your applications with the new key
-
Consider implementing more restrictive permissions for the new key
-
Enable monitoring and alerts for unusual API activity
-
Review and update your secret management practices