Skip to content

Scaleway Token

Service Name: Scaleway

Service Description: Scaleway is a European cloud provider offering a range of cloud computing services including compute instances, Kubernetes, object storage, databases, and serverless functions. It provides infrastructure as a service (IaaS) and platform as a service (PaaS) solutions.

Service Address: https://www.scaleway.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the project level through Security Groups.

Secret Access Scope: Grants programmatic access to Scaleway resources and APIs, allowing management of compute instances, storage, databases, and other Scaleway services.

Secret Revokement URL: https://console.scaleway.com/iam/api-keys

Secret Example: SCW.XXXXXXXXXXXXXXXXXXXX.XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXX

Suspicious Activity Investigation Instructions:

  • Review the API logs in the Scaleway console for unusual API calls or resource access.
  • Check for unexpected resource creation or deletion (instances, storage buckets, databases).
  • Monitor for unusual traffic patterns or unexpected outbound connections from your instances.
  • Verify if there are any unauthorized users added to your projects.
  • Check for unexpected changes in billing or resource usage.

Mitigation Instructions:

  • Log in to the Scaleway Console at https://console.scaleway.com/
  • Navigate to IAM & Organization > API Keys section.
  • Locate the compromised API key.
  • Click on the three dots menu next to the key and select "Revoke".
  • Confirm the revocation.
  • Create a new API key if needed.
  • Review all resources for unauthorized changes or backdoors.
  • Update any applications or services that were using the compromised key.
  • Consider implementing more restrictive security policies, such as limiting API key permissions.
  • Enable audit logging for better visibility into API usage.