Redis Cloud API Key
Service Name: Redis Cloud
Service Description: Redis Cloud is a fully managed Database-as-a-Service (DBaaS) offering from Redis Labs that provides enterprise-grade Redis deployments in the cloud. It offers high availability, scalability, and performance for Redis databases with various deployment options across multiple cloud providers.
Service Address: https://redis.com/redis-enterprise-cloud/overview/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the account level through Redis Cloud's security settings.
Secret Access Scope: Redis Cloud API keys grant programmatic access to manage Redis Cloud resources, including creating, modifying, and deleting databases, viewing account information, and managing configurations.
Secret Revokement URL: https://app.redislabs.com/#/account
Secret Example: 7f1e123a-b456-7c89-d012-e34f56a7b8c9
Suspicious Activity Investigation Instructions:
-
Review Redis Cloud audit logs for unusual API calls or database access patterns
-
Check for unauthorized database creation or modification
-
Monitor for unexpected changes to database configurations or settings
-
Verify if there are any unusual access patterns from unfamiliar IP addresses
-
Review account activity for unauthorized user additions or permission changes
Mitigation Instructions:
-
Log in to your Redis Cloud account at
https://app.redislabs.com/ -
Navigate to the Account settings section
-
Select the API Keys tab
-
Locate the compromised API key
-
Click the Delete button next to the key to revoke it
-
Create a new API key with appropriate permissions if needed
-
Update any applications or services using the old key with the new key
-
Consider implementing IP restrictions for the new API key
-
Review and update security policies for handling API keys