IBM COS HMAC Credentials

Bridgecrew Policy ID: BC_GIT_8
Severity: LOW

IBM COS HMAC Credentials


IBM Cloud object storage (COS) is a format for storing unstructured data in the cloud.
HMAC credentials consist of an Access Key and Secret Key paired for use with S3-compatible tools and libraries that require authentication.

The IBM Cloud Object Storage API is a REST-based API for reading and writing objects. It uses IBM Cloud Identity and Access Management for authentication and authorization, and supports a subset of the S3 API for easy migration of applications to IBM Cloud.

Fix - Buildtime

IBM Cloud

Step 1: Revoke the exposed secret.

Step 2: Clean the git history.
Go under the settings section of your GitHub project and chose the change visibility button at the bottom.

Step 3: Check IBM Cloud Object Storage Accesser server logs to ensure the key was not utilized during the compromised period.