Vault Namespace Token
Service Name: HashiCorp Vault
Service Description: HashiCorp Vault is a secrets management tool that securely stores and controls access to tokens, passwords, certificates, API keys, and other secrets. It handles leasing, key revocation, key rolling, and auditing.
Service Address: https://www.vaultproject.io/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured through Vault's access control policies and network segmentation.
Secret Access Scope: Grants access to specific namespaces within a Vault instance, allowing management of secrets, policies, and authentication methods within that namespace.
Secret Revokement URL: https://developer.hashicorp.com/vault/api-docs/auth/token#revoke-token
Secret Example: hvs.CAESIJyR7yPdZ7Tn2wcGrGjFVvBGOu1HFuTgLJ11C1NdYvKnGh4KHGh2cy5ZTU9QY1VwM3ZQeENwVjdOMUZNVnNJZmU
Suspicious Activity Investigation Instructions:
- Review Vault audit logs for unusual token usage patterns or access attempts
- Check for unauthorized namespace access or policy violations
- Monitor for unusual secret access or creation within the namespace
- Verify token creation and usage against expected patterns
- Examine token metadata for unexpected changes or configurations
Mitigation Instructions:
- Immediately revoke the compromised token using Vault's API or UI
- Rotate any secrets that may have been accessed by the compromised token
- Review and update namespace policies to enforce the Principle of Least Privilege.
- Enable or review token TTL (Time-To-Live) settings to ensure tokens expire appropriately.
- Implement or review Vault's response wrapping feature for sensitive token issuance.
- Consider implementing Vault Enterprise's Sentinel policies for additional security controls.
- Update audit logging to capture more detailed information about token usage