IBM Cloud IAM Key

Bridgecrew Policy ID: BC_GIT_7
Severity: LOW

IBM Cloud IAM Key

Description

The IBM Cloud Identity and Access Management (IAM) service manages keys that can give access to infrastructure API and to resources.

Fix - Buildtime

IBM Cloud

Step 1: Revoke the exposed secret.
To delete an API key, complete the following steps:

  1. In the console, go to Manage > Access (IAM) > API keys.
  2. Identify the row of the API key that you want to delete, and select Delete from the Actions List of actions icon menu.
  3. Then, confirm the deletion by clicking Delete.

Step 2: Clean the git history.
Go under the settings section of your GitHub project and chose the change visibility button at the bottom.

Step 3: Check any relevant access logs to ensure the key was not utilized during the compromised period.