Skip to content

Sidekiq API Key

Service Name: Sidekiq

Service Description: Sidekiq is a background job processing system for Ruby applications. It uses Redis to store all of its job and operational data, and provides a web UI for monitoring and managing background jobs.

Service Address: https://sidekiq.org/

Validation Type: API Auth

IP Allow list: Does not exist at the secret level, but can be implemented at the application level through Redis configuration or web UI access controls.

Secret Access Scope: Grants access to the Sidekiq web UI and potentially allows management of background jobs, including viewing job data, retrying failed jobs, and deleting jobs.

Secret Revokement URL: Does not exist (managed within the application configuration)

Secret Example: sidekiq_api_token_7f4d6s8a9f7d6a4s98f7d6as4f87d6

Suspicious Activity Investigation Instructions:

  • Review Redis logs for unusual access patterns or commands
  • Check application logs for unexpected job creations, modifications, or deletions
  • Monitor for unusual spikes in job processing or failures
  • Examine web UI access logs for unauthorized access attempts
  • Verify if sensitive data might have been exposed in job payloads

Mitigation Instructions:

  • Generate a new Sidekiq API key in your application configuration
  • Update the key in all legitimate application instances

  • Ensure Redis is properly secured with authentication and network controls

  • Consider implementing IP restrictions for the Sidekiq web UI
  • Review and update the web UI authentication mechanism (consider using

Devise or another robust authentication system)

  • Audit job classes to ensure they don't contain sensitive information in their

parameters

  • Consider encrypting sensitive job parameters if necessary