Skip to content

Vault Namespace Token

Service Name: HashiCorp Vault

Service Description: HashiCorp Vault is a secrets management tool that securely stores and controls access to tokens, passwords, certificates, API keys, and other secrets. It handles leasing, key revocation, key rolling, and auditing.

Service Address: https://www.vaultproject.io/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured through Vault's access control policies and network segmentation.

Secret Access Scope: Grants access to specific namespaces within a Vault instance, allowing management of secrets, policies, and authentication methods within that namespace.

Secret Revokement URL: https://developer.hashicorp.com/vault/api-docs/auth/token#revoke-token

Secret Example: hvs.CAESIJyR7yPdZ7Tn2wcGrGjFVvBGOu1HFuTgLJ11C1NdYvKnGh4KHGh2cy5ZTU9QY1VwM3ZQeENwVjdOMUZNVnNJZmU

Suspicious Activity Investigation Instructions:

  • Review Vault audit logs for unusual token usage patterns or access attempts
  • Check for unauthorized namespace access or policy violations
  • Monitor for unusual secret access or creation within the namespace
  • Verify token creation and usage against expected patterns
  • Examine token metadata for unexpected changes or configurations

Mitigation Instructions:

  • Immediately revoke the compromised token using Vault's API or UI
  • Rotate any secrets that may have been accessed by the compromised token
  • Review and update namespace policies to enforce the Principle of Least Privilege.
  • Enable or review token TTL (Time-To-Live) settings to ensure tokens expire appropriately.
  • Implement or review Vault's response wrapping feature for sensitive token issuance.
  • Consider implementing Vault Enterprise's Sentinel policies for additional security controls.
  • Update audit logging to capture more detailed information about token usage