Cloudant IAM

Description

General

• Documentation: https://cloud.ibm.com/apidocs/cloudant
• Summary: Cloudant is an IBM cloud-based managed service, offering a document-oriented and distributed database. The service can be accessed via API calls using IAM (Identity and Access Management) authentication. This method involves using an apikey for authentication, which is tied to an IAM-enabled service ID or user. IAM authentication provides fine-grained access control and is the recommended method for securing Cloudant resources. For more details, refer to the IAM authentication guide.
• IPs allowlist: IBM Cloudant customers with a dedicated environment can configure IP allowlisting to restrict access to their Cloudant instance. This feature is available for enhanced security. For more information, see the security documentation.
• Scopes: IAM credentials for Cloudant can be assigned specific roles and permissions when created. These roles determine the level of access to Cloudant resources, such as read-only, writer, or manager. Roles can be managed via the IBM Cloud IAM dashboard or the Cloudant service dashboard.

Revoke the secret

IAM API keys can be revoked at any time through the IBM Cloud IAM dashboard. Navigate to the Service IDs or API Keys section, locate the key associated with Cloudant, and delete or disable it.

Check for suspicious activity

As of the time of writing this documentation, IBM Cloudant does not provide a dedicated feature for monitoring suspicious activity specifically for IAM credentials. However, general API usage and access logs can be reviewed through IBM Cloud Activity Tracker. For more details, refer to the Activity Tracker documentation.

Details for Cloudant iam

• Family: credentials

• Category: cloud_provider

• Company: IBM

• High recall: False

• Validity check available: True

• Analyzer available: False

• On-premise instances exist: False

• Only valid secrets raise an alert: True

• Minimum number of matches: 2

• Occurrences found for one million commits: 0.84

• Prefixed: False

• PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: false
- type: ContentWhitelistPreValidator
  patterns:
    - bluemix

Examples

- text: |
    CloudantUserName = 'acc11338-123c-456a-a201-c531d9e0f5b3-bluemix'
    CloudantApiKey = '125VECoGGEGmMp0ABCucP78d1_o1l0s2rPvqOgka1Ney'

  client_id: acc11338-123c-456a-a201-c531d9e0f5b3-bluemix
  apikey: 125VECoGGEGmMp0ABCucP78d1_o1l0s2rPvqOgka1Ney
- text: CloudantUserName = 'acc11338-123c-456a-a201-c531d9e0f5b3-bluemix' CloudantApiKey = '125VECoGGEGmMp0ABCucP78d1_o1l0s2rPvqOgka1Ney'

  client_id: acc11338-123c-456a-a201-c531d9e0f5b3-bluemix
  apikey: 125VECoGGEGmMp0ABCucP78d1_o1l0s2rPvqOgka1Ney