lacework-global-208

User has API keys (Automated)

Description

Alert when a user has API keys enabled. Administrators should access OCI through API keys only as an exception. Do not hard-code Identity and Access Management (IAM) credentials in software or in documents distributed to a wide audience. IAM API keys are credentials that grant programmatic access to resources; actual human users should not use API keys.

Remediation

From Console:

  1. Log in to the OCI console.

  2. Select Identity from Services menu.

  3. Select Users from Identity menu, or select Domains, select a domain, and select Users.

  4. Select the username of a user with an API key.

  5. Select API Keys from the menu in the lower left-hand corner.

  6. Delete any associated keys from the API Keys table.

  7. Repeat steps 3-6 for all users with an API key.

From CLI:

  1. For each user with an API key, execute the following command to retrieve API key details:

    oci iam user api-key list --user-id <user_id>

  2. For each API key, execute the following command to delete the key:

    oci iam user api-key delete --user-id <user_id> --fingerprint <api_key_fingerprint>

  3. The following message displays:

    Are you sure you want to delete this resource? [y/N]:

  4. Type 'y' and press 'Enter'.
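The CLI steps above are applied one user and one key at a time. The following script is an added example (not Lacework's or Oracle's own code) that wraps those steps in a reviewable plan: it parses the JSON that `oci iam user api-key list --user-id <user_id>` prints (the `data` array of key objects with hyphenated field names, as the OCI CLI emits) and produces the exact `oci iam user api-key delete` command for every key that can still authenticate. It does not call the CLI itself; the listings it works on are constructed sample output with placeholder OCIDs, and the optional `--force` flag it can append is the OCI CLI's switch for skipping the y/N confirmation in step 3, which the page does not show.

```python
"""Audit and remediation planner for the "User has API keys" finding.

Added example, not Lacework's or Oracle's code. Parses `oci iam user api-key
list` JSON output and builds the delete commands from the remediation steps
so a responder can review them before running anything. Sample data below is
constructed; OCIDs are placeholders.
"""
import json
import shlex
from typing import Dict, List

ALICE = "ocid1.user.oc1..placeholder-alice"   # placeholder OCID, not a real user
BOB = "ocid1.user.oc1..placeholder-bob"       # placeholder OCID, not a real user

# Constructed stand-ins for `oci iam user api-key list --user-id <user_id>`.
# A key that was already deleted can still appear with lifecycle-state DELETED,
# so the filter below must not count it as a finding.
SAMPLE_LISTINGS: Dict[str, str] = {
    ALICE: json.dumps({
        "data": [
            {
                "fingerprint": "12:34:56:78:9a:bc:de:f0:12:34:56:78:9a:bc:de:f0",
                "lifecycle-state": "ACTIVE",
                "time-created": "2024-01-10T08:00:00+00:00",
                "user-id": ALICE,
            },
            {
                "fingerprint": "0f:ed:cb:a9:87:65:43:21:0f:ed:cb:a9:87:65:43:21",
                "lifecycle-state": "DELETED",
                "time-created": "2023-06-01T12:00:00+00:00",
                "user-id": ALICE,
            },
        ]
    }),
    BOB: json.dumps({"data": []}),
}

# States in which the key has already been, or is being, removed.
GONE_STATES = {"DELETED", "DELETING"}


def live_fingerprints(listing_json: str) -> List[str]:
    """Fingerprints of keys that still grant programmatic access for this user."""
    payload = json.loads(listing_json)
    return [
        key["fingerprint"]
        for key in payload.get("data", [])
        if key.get("lifecycle-state") not in GONE_STATES
    ]


def delete_commands(user_id: str, listing_json: str, force: bool = False) -> List[List[str]]:
    """argv for step 2 of the CLI remediation, one command per live key.

    `--force` is the OCI CLI's flag for skipping the y/N confirmation shown in
    step 3; it is left off by default so the operator still sees the prompt.
    """
    commands = []
    for fingerprint in live_fingerprints(listing_json):
        argv = ["oci", "iam", "user", "api-key", "delete",
                "--user-id", user_id, "--fingerprint", fingerprint]
        if force:
            argv.append("--force")
        commands.append(argv)
    return commands


def audit(listings: Dict[str, str]) -> Dict[str, List[str]]:
    """Map every user to its live fingerprints; an empty list means compliant."""
    return {user_id: live_fingerprints(listing) for user_id, listing in listings.items()}


def noncompliant_users(listings: Dict[str, str]) -> List[str]:
    """Users that would trigger this alert, in a stable order."""
    return sorted(user for user, keys in audit(listings).items() if keys)


def remediation_plan(listings: Dict[str, str], force: bool = False) -> str:
    """Shell-quoted delete commands for every finding, one per line, for review."""
    lines = []
    for user_id in noncompliant_users(listings):
        for argv in delete_commands(user_id, listings[user_id], force):
            lines.append(shlex.join(argv))
    return "\n".join(lines)


if __name__ == "__main__":
    print(remediation_plan(SAMPLE_LISTINGS))
```

In practice the values of `SAMPLE_LISTINGS` would be replaced by the real output of step 1 for each user ID; keeping the plan as argv lists rather than a concatenated string avoids shell-quoting mistakes when it is eventually executed, and filtering on `lifecycle-state` keeps already-deleted keys from being reported as findings a second time.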

References

https://docs.oracle.com/en-us/iaas/cloud-guard/using/detect-recipes.htm#detect-recipes-ref-config__USER_HAS_API_KEYS