Skip to content

StrongDM Access Token

Service Name: StrongDM

Service Description: StrongDM is a secure infrastructure access platform that provides zero trust access to databases, servers, clusters, and web applications. It simplifies access management by providing a single source of truth for managing permissions across all infrastructure.

Service Address: https://www.strongdm.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the resource level through StrongDM's access policies.

Secret Access Scope: Grants programmatic access to the StrongDM API, allowing management of users, resources, and access controls within the StrongDM platform.

Secret Revokement URL: https://app.strongdm.com/app/admin/tokens

Secret Example: sdm_tk_012345abcdef6789ghijklmnopqrstuvwxyz0123

Suspicious Activity Investigation Instructions:

  • Review the StrongDM audit logs for unusual API calls or access patterns
  • Check for unauthorized resource access or permission changes
  • Monitor for unusual user activity or authentication attempts
  • Verify if there are any unexpected changes to access policies or resource configurations
  • Look for API calls from unusual IP addresses or outside normal business hours

Mitigation Instructions:

  • Log in to the StrongDM Admin UI at https://app.strongdm.com/

  • Navigate to Admin > API Tokens

  • Locate the compromised token in the list
  • Click the "Revoke" button next to the token
  • Generate a new token if needed, with appropriate permissions
  • Update any legitimate applications or services that were using the revoked

token

  • Review access logs to determine the scope of potential compromise
  • Consider implementing more restrictive token permissions using role-based

access controls