Alibaba Cloud Keys

Bridgecrew Policy ID: BC_GIT_23
Checkov Check ID: CKV_SECRET_23
Severity: LOW

Description

Alibaba Cloud Key Management Service (KMS) provides secure and compliant key management and cryptography services to help you encrypt and protect sensitive data assets. KMS is integrated with a wide range of Alibaba Cloud services to allow you to encrypt data across the cloud and to control its distributed environment. KMS provides key usage logs via ActionTrail, supports custom key rotation, and provides HSMs that have passed FIPS 140-2 Level 3 or other relevant validation, to help you meet your regulatory and compliance needs.

Fix - Buildtime

Alibaba

Fix - Delete

  1. Log on to the RAM console by using your Alibaba Cloud account.
  2. In the left-side navigation pane, choose Identities > Users.
  3. On the Users page, click the username of a specific RAM user.
  4. In the User AccessKeys section of the page that appears, find the specific AccessKey pair and click Delete in the Actions column.
  5. Click OK.

Fix - Rotate

  1. Create an AccessKey pair for rotation.
  2. Update all applications and systems to use the new AccessKey pair.
  3. Disable the original AccessKey pair.
  4. Confirm that your applications and systems are running properly. If they are, the update has succeeded and you can delete the original AccessKey pair.
  5. If an application or system stops running, you must enable the original AccessKey pair and repeat Step 2 to Step 4 until the update succeeds.
  6. Delete the original AccessKey pair. For more information, see Delete an AccessKey pair.
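
Steps 3 to 6 of the rotation above, including the rollback in step 5, as an added example (not part of the original page or of the Checkov project). It assumes the `aliyun` CLI is installed and configured with RAM permissions and that steps 1 and 2 are already done; `set_key_status`, `retire_old_key` and the health-check command are hypothetical names you supply.

```shell
#!/bin/sh
# Added example: disable, verify, then delete or roll back an old AccessKey pair.
# Assumptions: the aliyun CLI is configured; the new pair already exists and
# applications have been redeployed with it (steps 1-2 of the procedure).
# The health command is a hypothetical, operator-supplied check that exits 0
# only when applications work with the new AccessKey pair.

set_key_status() {  # args: RAM user name, AccessKey ID, Active|Inactive
    aliyun ram UpdateAccessKey --UserName "$1" \
        --UserAccessKeyId "$2" --Status "$3"
}

retire_old_key() {  # args: RAM user name, old AccessKey ID, health command
    user=$1 old_key=$2 health_cmd=$3

    # Step 3: disable rather than delete, so the change can be reverted.
    set_key_status "$user" "$old_key" Inactive || return 2

    # Step 4: confirm applications still run while the old pair is disabled.
    if sh -c "$health_cmd"; then
        # Step 6: nothing depends on the old pair any more, delete it.
        aliyun ram DeleteAccessKey --UserName "$user" \
            --UserAccessKeyId "$old_key" || return 3
        echo "deleted $old_key"
        return 0
    fi

    # Step 5: something still uses the old pair; re-enable it and report.
    set_key_status "$user" "$old_key" Active || return 4
    echo "health check failed; re-enabled $old_key" >&2
    return 1
}

# Usage (values are placeholders):
#   retire_old_key alice OLD_ACCESS_KEY_ID './check_apps.sh'
```

A return code of 1 means the old pair was re-enabled and step 2 needs to be repeated before trying again.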