IBM COS HMAC Credentials
Description
IBM Cloud Object Storage (COS) is a format for storing unstructured data in the cloud. HMAC credentials consist of an Access Key and a Secret Key, paired for use with S3-compatible tools and libraries that require authentication. The IBM Cloud Object Storage API is a REST-based API for reading and writing objects. It uses IBM Cloud Identity and Access Management for authentication and authorization, and supports a subset of the S3 API for easy migration of applications to IBM Cloud.
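A sketch of the kind of pattern check a secrets scanner can apply to find a committed HMAC pair, given here as an added example and not Checkov's own detector or code from this page. The key shapes (32 hex characters for the access key ID, 48 for the secret access key), the `cos_hmac_keys` sample layout and all function names are assumptions, and the sample values are constructed.

```python
import re

# Assumed shapes (not stated on the page): 32 hex chars for the access key ID,
# 48 hex chars for the secret access key, assigned with "=" or ":".
ASSIGN = r"""["']?\s*[:=]\s*["']?"""
PATTERNS = {
    "access_key_id": re.compile(
        r"access[-_]?key[-_]?id" + ASSIGN + r"(?P<value>[a-f0-9]{32})(?![a-f0-9])",
        re.IGNORECASE),
    "secret_access_key": re.compile(
        r"secret[-_]?(?:access[-_]?)?key" + ASSIGN + r"(?P<value>[a-f0-9]{48})(?![a-f0-9])",
        re.IGNORECASE),
}

def redact(value):
    """Keep a short prefix for triage; never echo the full secret into reports."""
    return value[:4] + "*" * (len(value) - 4)

def scan(text):
    """Return (line number, kind, redacted value) for every hard-coded key."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, rx in PATTERNS.items():
            for m in rx.finditer(line):
                findings.append((lineno, kind, redact(m.group("value"))))
    return findings

def has_hmac_pair(findings):
    """True when both halves of the credential are exposed in the same text."""
    return {kind for _, kind, _ in findings} == set(PATTERNS)

# Constructed sample: a credentials blob plus two lines that must NOT match
# (an environment-variable reference and a 64-hex digest).
HEX16 = "0123456789abcdef"
SAMPLE = f'''{{
  "cos_hmac_keys": {{
    "access_key_id": "{HEX16 * 2}",
    "secret_access_key": "{HEX16 * 3}"
  }}
}}
secret_access_key = "${{COS_SECRET_ACCESS_KEY}}"
sha256_secret_key = "{HEX16 * 4}"
'''

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
    print("full HMAC pair exposed:", has_hmac_pair(scan(SAMPLE)))
```

The length lookahead is what keeps longer hex strings such as digests from being reported as keys, and a reference to an environment variable is ignored because no literal value is present.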
Remediation
IBM Cloud
1. Revoke the exposed secret.
2. Clean the git history. Go under the settings section of your GitHub project and choose the change visibility button at the bottom.
3. Check IBM Cloud Object Storage Accesser server logs to ensure the key was not utilized during the compromised period.
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1307 |
| Severity | LOW |
| IaC Type | secrets |
| Frameworks | Git |
| Checkov ID | CKV_SECRET_8 |