Skip to main content

IBM Cloud Key

Description

General

  • Documentation: https://cloud.ibm.com/docs
  • Summary: IBM Cloud provides a large variety of managed cloud services. The Identity and Access Management (IAM) tab of the IBM Cloud dashboard displays all the information on users rights and API keys created. An IBM cloud key can give access to infrastructure API and to resources.
  • IPs allowlist: Restrictions on IP addresses can be set in the IAM/settings tab of IBM Cloud dashboard.
  • Scopes: Scopes associated to each API key can be fine tuned in the IAM tab by creating roles and groups.

Revoke the secret

Secrets can be revoked from the same tab.

Check for suspicious activity

IBM Cloud offers a managed service to detect suspicious activities among the account resources. See documentation for more details.

Details for Ibm platform api key

  • Family: token

  • Category: cloud_provider

  • Company: IBM

  • High recall: False

  • Validity check available: True

  • Analyzer available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: True

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 3.67

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: false
- type: FilenameBanlistPreValidator
  banlist_extensions:
    - ^crt$
    - ^pem$
  banlist_filenames:
    - package-lock\.json
  check_binaries: false
  include_default_banlist_extensions: false
  ban_markup: false
- type: ContentWhitelistPreValidator
  patterns:
    - ibm
    - watson

Examples

- text: ibm_platform_key=-_mSsEDVnuVh07HNSddnQx_b6CacPsxmCwaVm9P_VWxR
  apikey: -_mSsEDVnuVh07HNSddnQx_b6CacPsxmCwaVm9P_VWxR
- text: |
    toto
    ibm
    +-_mSsEDVnuVh07HNSddnQx_b6CacPsxmCwaVm9P_VWxR
    hrello my
  apikey: -_mSsEDVnuVh07HNSddnQx_b6CacPsxmCwaVm9P_VWxR
- text: ibm_platform_key=-_mSsEDVnuVh07HNSddnQx_b6CacPsxmCwaVm9P_VWxR
  apikey: -_mSsEDVnuVh07HNSddnQx_b6CacPsxmCwaVm9P_VWxR

Secret Analyzer

Analysis Method

  • Provider allows scopes enumeration: False
  • Total network call count: 4
  • Total call count may vary: False

HTTP Calls

Requests are designed to capture metadata and not to function effectively.

  • GET: /apikeys/details
  • GET: /v2/resource_instances
  • POST: /identity/token
  • GET: /v2/accounts/***/users

Other Calls

Non-HTTP queries or HTTP calls made through a third-party app (e.g., Python package). No other calls for this analyzer.

Last updated on

Something we didn’t cover?

See our Roadmap

Subscribe on GitHub

Submit a request

API status