Mailchimp Access Key
Bridgecrew Policy ID: BC_GIT_11
Severity: LOW
Mailchimp Access Key
Description
This check detects a Mailchimp access key referenced in your source code. The key enables an authenticated user to perform operational and management activities exposed by Mailchimp's developer API service.
Fix - Buildtime
Mailchimp
Step 1: Revoke Secret.
An activated API Key can be deactivated from the Mailchimp dashboard under the Extras/API Key tab.
- Go to https://us1.admin.mailchimp.com/account/api/ to open the API Keys section of your account.
- Find the API key you want to disable, and toggle the slider in the Status column for that API key.
- Find the API key you want to disable and click Disable.
- In the pop-up modal, click Disable.
Step 2: Clean the git history.
Go under the settings section of your GitHub project and chose the change visibility button at the bottom.
Step 3: Check the API calls logs in the Mailchimp dashboard to ensure the key was not utilized during the compromised period.
Updated 4 months ago