Twilio Access Key
Description
Twilio Access Tokens are short-lived tokens that you can use to authenticate Twilio Client SDKs like Voice, Conversations, Sync, and Video. You create them on your server to verify a client's identity and grant access to client API features. All tokens have a limited lifetime, configurable up to 24 hours. However, a best practice is to generate Access Tokens for the shortest amount of time feasible for your application.
Code Example
```text
DELETE https://api.twilio.com/2010-04-01/Accounts/{AccountSid}/Keys/{Sid}.json
```

Remediation
Twilio
1. Revoke the exposed secret.
   The following method deletes an API Key. This revokes its authorization to authenticate to the REST API and invalidates all Access Tokens generated using its secret. If the delete is successful, Twilio will return an HTTP 204 response with no body.

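
One way to script the revocation call and confirm the HTTP 204 result, as an added example (not code from Twilio or from the rule's authors). It assumes HTTP Basic authentication with credentials that are allowed to manage keys, read from the hypothetical environment variables `TWILIO_ACCOUNT_SID`, `TWILIO_AUTH_TOKEN` and `EXPOSED_KEY_SID`, and that SIDs are `AC`/`SK` followed by 32 hex characters.

```python
import base64
import os
import re
import urllib.error
import urllib.request

API_BASE = "https://api.twilio.com/2010-04-01"
SID_RE = {"AC": re.compile(r"AC[0-9a-fA-F]{32}"), "SK": re.compile(r"SK[0-9a-fA-F]{32}")}


def build_revoke_request(account_sid, key_sid, auth_user, auth_secret):
    """Build the DELETE request for the exposed API Key (no network I/O)."""
    # Validate both SIDs so nothing unexpected is spliced into the URL path.
    if not SID_RE["AC"].fullmatch(account_sid):
        raise ValueError("account_sid is not a well-formed Account SID")
    if not SID_RE["SK"].fullmatch(key_sid):
        raise ValueError("key_sid is not a well-formed API Key SID")
    url = f"{API_BASE}/Accounts/{account_sid}/Keys/{key_sid}.json"
    basic = base64.b64encode(f"{auth_user}:{auth_secret}".encode()).decode()
    req = urllib.request.Request(url, method="DELETE")
    req.add_header("Authorization", f"Basic {basic}")
    return req


def interpret_status(status):
    """Only HTTP 204 confirms the key was deleted; anything else needs follow-up."""
    if status == 204:
        return "revoked"
    if status == 404:
        return "not-found"      # no such key under this account
    if status in (401, 403):
        return "unauthorized"   # credentials rejected or not allowed to manage keys
    return "failed"


def revoke_key(account_sid, key_sid, auth_user, auth_secret):
    """Send the DELETE and return the interpreted outcome."""
    req = build_revoke_request(account_sid, key_sid, auth_user, auth_secret)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return interpret_status(resp.status)
    except urllib.error.HTTPError as err:
        return interpret_status(err.code)


if __name__ == "__main__":
    # Environment variable names are hypothetical; never hard-code the secret.
    acct = os.environ["TWILIO_ACCOUNT_SID"]
    print(revoke_key(acct, os.environ["EXPOSED_KEY_SID"], acct, os.environ["TWILIO_AUTH_TOKEN"]))
```

Treat any result other than `revoked` as an open incident: the exposed key may still be valid.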
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1316 |
| Severity | LOW |
| IaC Type | secrets |
| Frameworks | Git |
| Checkov ID | CKV_SECRET_18 |