Cloudflare Certificate Authority Keys
Description
General
-
Documentation: https://api.cloudflare.com/
-
Summary: Cloudflare provides a Certificate Authority (CA) service to issue and manage TLS certificates for websites and applications. CA Keys are used to authenticate and interact with Cloudflare's API for certificate management tasks, such as issuing, renewing, or revoking certificates. These keys are highly sensitive as they grant access to critical security infrastructure. CA Keys are one of the authentication methods available alongside API tokens and Global API Keys.
-
IPs allowlist: As of the time of writing this documentation, IP allowlisting is not supported for CA Keys.
-
Scopes: CA Keys do not support custom scopes. They provide full access to certificate management functionalities within the Cloudflare API. Permissions are tied to the account associated with the CA Key.
Revoke the secret
CA Keys can only be revoked or regenerated through the Cloudflare dashboard. Navigate to the API Tokens section and regenerate the CA Key to revoke the old one.
Check for suspicious activity
Cloudflare provides audit logs to monitor activity related to CA Keys and certificate management. These logs can be accessed via the Cloudflare dashboard. For more details, refer to the audit logs documentation.
Details for Cloudflare Key
-
Family: token
-
Category: cdn
-
Company: Cloudflare
-
High recall: False
-
Validity check available: True
-
Analyzer available: False
-
On-premise instances exist: False
-
Only valid secrets raise an alert: True
-
Minimum number of matches: 1
-
Occurrences found for one million commits: 0.03
-
Prefixed: False
-
PreValidators:
- type: FilenameBanlistPreValidator
banlist_extensions: []
banlist_filenames: []
check_binaries: false
include_default_banlist_extensions: true
ban_markup: false
- type: ContentWhitelistPreValidator
patterns:
- cloudflare
- type: ContentWhitelistPreValidator
patterns:
- v1\.0-
Examples
- text: |
"curl -X DELETE "https://api.cloudflare.com/client/v4/certificates/3664634374038615934" \
-H "X-Auth-User-Service-Key: v1.0-e24fe050c02dfcaccb4de8f5ee247fb5c78b48646fdf0ce76b29f94a0f90756b-cfa33fe60e8e34073c149323454383fc9005d25c9b4c502c2f063457ef65322eade065975001a0b4b4c591c5e1bd36a6e8f7e2d4fa8a9ec01c64c041e99530c2-07b9efe0acd78c82c8d9c690aacb8656d81c369246d7f996a205fe3c18e9254a"
apikey: 'v1.0-e24fe050c02dfcaccb4de8f5ee247fb5c78b48646fdf0ce76b29f94a0f90756b-cfa33fe60e8e34073c149323454383fc9005d25c9b4c502c2f063457ef65322eade065975001a0b4b4c591c5e1bd36a6e8f7e2d4fa8a9ec01c64c041e99530c2-07b9efe0acd78c82c8d9c690aacb8656d81c369246d7f996a205fe3c18e9254a'
- text: |
"curl -X DELETE "https://api.cloudflare.com/client/v4/certificates/3664634374033242543" \
-H "X-Auth-User-Service-Key: v1.0-125a8b5519b126526fc3640d-4734f25dc3e1f768241132453456747648735645637653785ccc7570dda15e8fa31cd2ba0888249be88800f8ac21998d8cee2016ebca71588c5ad4034b3cfcefe5c30aea43141165"
apikey: 'v1.0-125a8b5519b126526fc3640d-4734f25dc3e1f768241132453456747648735645637653785ccc7570dda15e8fa31cd2ba0888249be88800f8ac21998d8cee2016ebca71588c5ad4034b3cfcefe5c30aea43141165'
- text: |
"curl -X DELETE "https://api.cloudflare.com/client/v4/certificates/3664634374038615934" \
-H "X-Auth-User-Service-Key: v1.0-e24fe050c02dfcaccb4de8f5ee247fb5c78b48646fdf0ce76b29f94a0f90756b-cfa33fe60e8e34073c149323454383fc9005d25c9b4c502c2f063457ef65322eade065975001a0b4b4c591c5e1bd36a6e8f7e2d4fa8a9ec01c64c041e99530c2-07b9efe0acd78c82c8d9c690aacb8656d81c369246d7f996a205fe3c18e9254a"
apikey: 'v1.0-e24fe050c02dfcaccb4de8f5ee247fb5c78b48646fdf0ce76b29f94a0f90756b-cfa33fe60e8e34073c149323454383fc9005d25c9b4c502c2f063457ef65322eade065975001a0b4b4c591c5e1bd36a6e8f7e2d4fa8a9ec01c64c041e99530c2-07b9efe0acd78c82c8d9c690aacb8656d81c369246d7f996a205fe3c18e9254a'
