Mailchimp Access Key

Bridgecrew Policy ID: BC_GIT_11
Severity: LOW

Description

This check detects a Mailchimp access key referenced in your source code. The key enables an authenticated user to perform operational and management activities exposed by Mailchimp's developer API service.
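As an added illustration of what this check looks for (example code written for this page, not Bridgecrew's scanner), the snippet below scans source text for strings in the Mailchimp API key shape and reports them with the secret masked. The key pattern (32 hex characters, a dash, and a datacenter suffix such as `us1`) is an assumption about the key format; the sample source and the key values in it are constructed placeholders, not real credentials.

```python
import re
from typing import List, Tuple

# Constructed sample "source file" contents. The key-shaped values below are
# fabricated placeholders (32 hex chars, "-", datacenter id), not real keys.
SAMPLE_SOURCE = """\
# config.py (constructed sample)
MAILCHIMP_API_KEY = "0123456789abcdef0123456789abcdef-us1"
other_token = "not-a-mailchimp-key"
mc = MailchimpClient(api_key='fedcba9876543210fedcba9876543210-us21')
safe = os.environ["MAILCHIMP_API_KEY"]  # read from environment, nothing hard-coded
"""

# Assumed Mailchimp key shape: 32 lowercase hex characters, a dash, then a
# datacenter id like us1 or us21. The \b anchors stop longer hex runs
# (e.g. SHA-1 digests) from matching on a 32-character substring.
MAILCHIMP_KEY_RE = re.compile(r"\b[0-9a-f]{32}-us\d{1,2}\b")


def mask(key: str) -> str:
    """Keep the first 4 characters and the datacenter suffix so a finding
    report does not re-leak the secret it is warning about."""
    body, _, dc = key.rpartition("-")
    return f"{body[:4]}{'*' * (len(body) - 4)}-{dc}"


def find_mailchimp_keys(text: str) -> List[Tuple[int, str]]:
    """Return (line_number, masked_key) for every candidate key in `text`."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in MAILCHIMP_KEY_RE.finditer(line):
            findings.append((lineno, mask(match.group(0))))
    return findings


if __name__ == "__main__":
    for lineno, masked in find_mailchimp_keys(SAMPLE_SOURCE):
        print(f"line {lineno}: possible Mailchimp API key {masked}")
```

Running the block reports lines 2 and 4 of the sample and ignores the environment-variable lookup on line 5, which is the pattern the fix below leads to: the key lives outside the repository and only its name appears in source.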

Fix - Buildtime

Mailchimp

Step 1: Revoke Secret.
An activated API Key can be deactivated from the Mailchimp dashboard under the Extras/API Key tab.

  1. Go to https://us1.admin.mailchimp.com/account/api/ to open the API Keys section of your account.
  2. Find the API key you want to disable, and toggle the slider in the Status column for that API key.
  3. Find the API key you want to disable and click Disable.
  4. In the pop-up modal, click Disable.

Step 2: Clean the git history.
Go to the Settings section of your GitHub project and choose the Change visibility button at the bottom.

Step 3: Check the API call logs in the Mailchimp dashboard to ensure the key was not used during the compromised period.