Artifactory Credentials
Description
Artifactory is a Repository Manager that functions as a single access point organizing all of your binary resources including proprietary libraries, remote artifacts and other 3rd party resources.
Code Example
```text
{
"## Revoke API Key
Description: Revokes the current user's API key
Since: 4.3.0
Usage: DELETE /api/security/apiKey
Produces: application/json
## Revoke User API Key
Description: Revokes the API key of another user
Since: 4.3.0
Security: Requires a privileged user (Admin only)
Usage: DELETE /api/security/apiKey/{username}
Produces: application/json
## Revoke All API Keys
Description: Revokes all API keys currently defined in the system
Since: 4.3.0
Security: Requires a privileged user (Admin only)
Usage: DELETE /api/security/apiKey?deleteAll={0/1}
Produces: application/json",
}
```
Remediation
Artifactory
1. Revoke the exposed secret. The key can be revoked from the user profile or through the API.
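One way to script the API revocation path using the three endpoints listed under Code Example. This is an added example, not part of the original rule page or of Artifactory's own tooling. HTTP Basic authentication, the host name `artifactory.example.com`, the account names and the helper names `build_revoke_request` and `revoke` are assumptions.

```python
"""Added example: revoke an exposed Artifactory API key via the REST endpoints above."""
import base64
import urllib.parse
import urllib.request


def build_revoke_request(base_url, auth_user, auth_secret, target_user=None, revoke_all=False):
    """Return an unsent DELETE request for one of the three revoke endpoints."""
    if revoke_all and target_user:
        raise ValueError("choose either target_user or revoke_all, not both")
    path = "/api/security/apiKey"  # default: revoke the caller's own key
    if target_user:
        # Encode the username so characters like '/' or '?' cannot alter the path.
        path += "/" + urllib.parse.quote(target_user, safe="")
    elif revoke_all:
        path += "?deleteAll=1"  # admin only; invalidates every key in the system
    # Assumption: the caller authenticates with HTTP Basic credentials.
    token = base64.b64encode(f"{auth_user}:{auth_secret}".encode()).decode()
    return urllib.request.Request(
        base_url.rstrip("/") + path,
        method="DELETE",
        headers={"Authorization": "Basic " + token, "Accept": "application/json"},
    )


def revoke(request, timeout=10):
    """Send the request; urllib raises HTTPError on 4xx/5xx (e.g. a non-admin caller)."""
    if not request.full_url.startswith("https://"):
        raise ValueError("refusing to send credentials over a non-TLS URL")
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        return resp.status, resp.read().decode("utf-8", "replace")


if __name__ == "__main__":
    # Constructed values; replace with your instance and an account allowed to revoke.
    req = build_revoke_request("https://artifactory.example.com/artifactory",
                               "admin", "PLACEHOLDER_PASSWORD", target_user="ci-bot")
    print(req.get_method(), req.full_url)  # inspect before calling revoke(req)
```

Revocation only invalidates the key going forward; the value remains in Git history, so treat any access made with it before revocation as suspect.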
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1300 |
| Severity | MEDIUM |
| IaC Type | secrets |
| Frameworks | Git |
| Checkov ID | CKV_SECRET_1 |