HashiCorp Vault Unseal Key

Description

General

• Documentation: https://www.vaultproject.io/docs/concepts/seal

• Summary: HashiCorp Vault is a solution to securely store and manage access to secrets and systems based on trusted sources of application and user identity. This detector can detect unseal keys used to get access to the vault master key.

• IPs allowlist: This feature is not available.

• Scopes: Unsealing a vault requires entering a minimum number of different unseal keys. This number is defined when configuring the vault.

Revoke the secret

The process is documented in the Rekeying & Rotating Vault documentation.

Check for suspicious activity

This feature is not available.

Details for Hashicorp vault unseal key

• Family: Other

• Category: Secret management

• Company: HashiCorp

• High recall: False

• Validity check available: False

• Minimum number of matches: 1

• Occurrences found for one million commits: 0.35

• Prefixed: False

• PreValidators:

- type: ContentWhitelistPreValidator
  patterns:
    - unseal[_ .-]?key

Examples

- text: |
    VAULT_UNSEAL_KEY_3="C3fk5Q0ANMFlbjQk4E0MKD8xRdNW0YbLA/0pfMSWEouI"
  apikey: C3fk5Q0ANMFlbjQk4E0MKD8xRdNW0YbLA/0pfMSWEouI

- text: |
    UNSEAL_KEY: BoK4FvGkefnzweuiciDcfrxYco43/45HgtrhtMSWZzOG
  apikey: BoK4FvGkefnzweuiciDcfrxYco43/45HgtrhtMSWZzOG

- text: |
    UNSEAL KEY: BoK4FvGkefnzweuiciDcfrxYco43/45HgtrhtMSWZzOG
  apikey: BoK4FvGkefnzweuiciDcfrxYco43/45HgtrhtMSWZzOG