Kubernetes Service Account Token

Description

General

Documentation: https://kubernetes.io/docs/reference/access-authn-authz/authentication/
Summary: Kubernetes is a system for automating deployment, scaling, and management of containerized applications. JSON Web Tokens are used for authentication in Kubernetes, often for service accounts or short-lived access tokens. These tokens are sensitive as they grant access to Kubernetes clusters and resources.
IPs allowlist: As of the time of writing this documentation, IP allowlisting for Kubernetes JWTs depends on the cluster configuration and provider.
Scopes: Kubernetes JWTs are tied to specific service accounts or users and inherit their permissions. Access can be limited by defining roles and role bindings in Kubernetes Role-Based Access Control (RBAC).

Revoke the secret

Kubernetes JWTs can be revoked by deleting the associated service account or regenerating the token. For short-lived tokens, expiration ensures automatic revocation.

Check for suspicious activity

Kubernetes logs API requests and authentication events, which can be reviewed to detect suspicious activity.

Details for `Kubernetes JSON Web Token`

Family: token
Category: other
Company: Kubernetes
High recall: False
Validity check available: False
Analyzer available: False
Minimum number of matches: 1
Occurrences found for one million commits: 3.14
Prefixed: False
PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: true
- type: ContentWhitelistPreValidator
  patterns:
    - \.ey

Examples

- text: |
    eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDpzdXBlcmFkbWluIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyLCJleHAiOjE4OTAwNDQ2ODAsImlzcyI6Imt1YmVybmV0ZXMvc2VydmljZWFjY291bnQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L25hbWVzcGFjZSI6ImRlZmF1bHQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlY3JldC5uYW1lIjoic3VwZXJhZG1pbi10b2tlbi1jbXc3YyIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJzdXBlcmFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiNTJjNDk4MGUtNzA1MC0xMWU5LWIyMzItMDY5YWI4YmJhZjQ2In0.IXTEsiuDa3fYINbatF4ZehO74aYC0WePZ4032oVddtU
  token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDpzdXBlcmFkbWluIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyLCJleHAiOjE4OTAwNDQ2ODAsImlzcyI6Imt1YmVybmV0ZXMvc2VydmljZWFjY291bnQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L25hbWVzcGFjZSI6ImRlZmF1bHQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlY3JldC5uYW1lIjoic3VwZXJhZG1pbi10b2tlbi1jbXc3YyIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJzdXBlcmFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiNTJjNDk4MGUtNzA1MC0xMWU5LWIyMzItMDY5YWI4YmJhZjQ2In0.IXTEsiuDa3fYINbatF4ZehO74aYC0WePZ4032oVddtU
# test underscore in K8S JWT
- text: |
    eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDpzdXBlcmFkbWluIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyLCJleHAiOjE4OTAwNDQ2ODAsImlzcyI6Imt1YmVybmV0ZXMvc2VydmljZWFjY291bnQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L25hbWVzcGFjZSI6ImRlZmF1bHQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlY3JldC5uYW1lIjoic3VwZXJhZG1pbi10b2tlbi1jbXc3YyIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJzdXBlcmFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiNTJjNDk4MGUtNzA1MC0xMWU5LWIyMzItMDY5YWI4YmJhZjQ2In0.IXTEsiuDa3_fYINbatF4ZehO74aYC0WePZ4032oVddtU
  token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDpzdXBlcmFkbWluIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyLCJleHAiOjE4OTAwNDQ2ODAsImlzcyI6Imt1YmVybmV0ZXMvc2VydmljZWFjY291bnQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L25hbWVzcGFjZSI6ImRlZmF1bHQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlY3JldC5uYW1lIjoic3VwZXJhZG1pbi10b2tlbi1jbXc3YyIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJzdXBlcmFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiNTJjNDk4MGUtNzA1MC0xMWU5LWIyMzItMDY5YWI4YmJhZjQ2In0.IXTEsiuDa3_fYINbatF4ZehO74aYC0WePZ4032oVddtU

Details for `Kubernetes JSON Web Token with host`

Family: token
Category: other
Company: Kubernetes
High recall: False
Validity check available: True
Analyzer available: False
On-premise instances exist: False
Only valid secrets raise an alert: False
Minimum number of matches: 2
Occurrences found for one million commits: 1.8
Prefixed: False
PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: true
- type: ContentWhitelistPreValidator
  patterns:
    - \.ey

Examples

- text: |
    -    server: https://34.42.114.208
    -    token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDpzdXBlcmFkbWluIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyLCJleHAiOjE4OTAwNDQ2ODAsImlzcyI6Imt1YmVybmV0ZXMvc2VydmljZWFjY291bnQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L25hbWVzcGFjZSI6ImRlZmF1bHQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlY3JldC5uYW1lIjoic3VwZXJhZG1pbi10b2tlbi1jbXc3YyIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJzdXBlcmFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiNTJjNDk4MGUtNzA1MC0xMWU5LWIyMzItMDY5YWI4YmJhZjQ2In0.IXTEsiuDa3_fYINbatF4ZehO74aYC0WePZ4032oVddtU

  host: https://34.42.114.208
  token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDpzdXBlcmFkbWluIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyLCJleHAiOjE4OTAwNDQ2ODAsImlzcyI6Imt1YmVybmV0ZXMvc2VydmljZWFjY291bnQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L25hbWVzcGFjZSI6ImRlZmF1bHQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlY3JldC5uYW1lIjoic3VwZXJhZG1pbi10b2tlbi1jbXc3YyIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJzdXBlcmFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiNTJjNDk4MGUtNzA1MC0xMWU5LWIyMzItMDY5YWI4YmJhZjQ2In0.IXTEsiuDa3_fYINbatF4ZehO74aYC0WePZ4032oVddtU

Kubernetes Service Account Token

Description

General

Revoke the secret

Check for suspicious activity

Details for `Kubernetes JSON Web Token`

Examples

Details for `Kubernetes JSON Web Token with host`

Examples

Was this page helpful?

Something we didn’t cover?

See our Roadmap

Subscribe on GitHub

Submit a request

API status

Description​

General​

Revoke the secret​

Check for suspicious activity​

Details for Kubernetes JSON Web Token​

Examples​

Details for Kubernetes JSON Web Token with host​

Examples​

Was this page helpful?

Something we didn’t cover?

See our Roadmap

Subscribe on GitHub

Submit a request

API status

Subscribe to our newsletter

Description

General

Revoke the secret

Check for suspicious activity

Details for `Kubernetes JSON Web Token`

Examples

Details for `Kubernetes JSON Web Token with host`

Examples