Skip to content

Tanzu API Key

Service Name: VMware Tanzu

Service Description: VMware Tanzu is a suite of products and services for modernizing applications and infrastructure with a common goal: deliver better software to production. It provides tools for building, running, and managing modern applications on any cloud.

Service Address: https://tanzu.vmware.com/

Validation Type: -

IP Allow list: IP restrictions can be configured at the VMware Tanzu platform level through network policies and access controls.

Secret Access Scope: Grants programmatic access to VMware Tanzu services, including Kubernetes clusters, application services, and management APIs.

Secret Revokement URL: https://docs.vmware.com/en/VMware-Tanzu/services/tanzu-api-management/GUID-index.html

Secret Example: tanzu-api-1234567890abcdef1234567890abcdef

Suspicious Activity Investigation Instructions:

  • Review access logs in the Tanzu Mission Control or Tanzu Application Service dashboards
  • Check for unauthorized cluster access or application deployments
  • Monitor for unusual API calls or resource creation
  • Examine audit logs for unexpected configuration changes
  • Verify if there are any unauthorized users or service accounts created

Mitigation Instructions:

  • Log in to the VMware Tanzu portal or management console

  • Navigate to the API tokens or credentials management section

  • Locate the compromised API key and revoke/delete it
  • Generate a new API key if needed
  • Update any legitimate applications or services using the old key
  • Review and tighten access controls for API keys
  • Consider implementing shorter rotation periods for API keys
  • Enable additional security features like IP restrictions if available