Sttor Documentation

Appearance

Cloud Credentials

This category focuses on credentials that can grant access to infrastructure and data.

Examples Include:

  • AWS access keys, secret keys, session tokens
  • GCP service account keys
  • Azure client secrets, connection strings
  • Kubernetes configs or cluster credentials
  • Database credentials embedded in configs

Why This is Treated as High Severity

Cloud credentials often have broad blast radius:

  • Data leakage
  • Infrastructure takeover
  • Lateral movement
  • Long-lived persistence if not rotated

DevSecOps Bot prioritizes these findings and encourages immediate rotation.

Copyright © 2026 Sttor