IBM Cloud IAM Key
Bridgecrew Policy ID: BC_GIT_7
Severity: LOW
IBM Cloud IAM Key
Description
The IBM Cloud Identity and Access Management (IAM) service manages keys that can give access to infrastructure API and to resources.
Fix - Buildtime
IBM Cloud
Step 1: Revoke the exposed secret.
To delete an API key, complete the following steps:
- In the console, go to Manage > Access (IAM) > API keys.
- Identify the row of the API key that you want to delete, and select Delete from the Actions List of actions icon menu.
- Then, confirm the deletion by clicking Delete.
Step 2: Clean the git history.
Go under the settings section of your GitHub project and chose the change visibility button at the bottom.
Step 3: Check any relevant access logs to ensure the key was not utilized during the compromised period.
Updated 8 months ago