Vultr API Key
Service Name: Vultr
Service Description: Vultr is a cloud infrastructure provider offering virtual private servers (VPS), dedicated servers, bare metal servers, cloud compute, and storage solutions with a global network of data centers.
Service Address: https://www.vultr.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured in the Vultr control panel under API settings.
Secret Access Scope: Grants programmatic access to manage Vultr resources including servers, networking, storage, and other cloud infrastructure components.
Secret Revokement URL: https://my.vultr.com/settings/#settingsapi
Secret Example: VULTR-API-KEY-7a8b9c0d1e2f3g4h5i6j7k8l9m0n1o2p
Suspicious Activity Investigation Instructions:
- Review the Vultr audit logs for unusual API calls or resource creation.
- Check for unauthorized server deployments or modifications to existing infrastructure.
- Monitor for unexpected billing increases that may indicate resource abuse.
- Verify IP addresses that have been accessing the API against known legitimate sources.
- Review network traffic patterns for any unusual data transfers or connections.
Mitigation Instructions:
- Log in to your Vultr account at https://my.vultr.com/.
- Navigate to Account > API in the left sidebar.
- Locate the compromised API key and click "Revoke" to immediately invalidate it.
- Generate a new API key if needed for legitimate services.
- Consider enabling IP access restrictions for the new API key.
- Review and update any applications, scripts, or services that were using the old API key.
- Monitor account activity for several days after key rotation to ensure no unauthorized access continues.