Mods

turbot/ibm_compliance

GitHub
Overview
1Dashboards
67Controls
20Queries
0Variables
GitHub
Loading controls...
On This Page
Description
Remediation
Usage
SQL
Tags
Get Involved
Edit on GitHub
Discuss on Slack

Control: 1.3 Ensure API keys are rotated every 90 days

Description

Replace production API keys with new API keys regularly, every 90 days for example, as a best practice to secure your account.

Remediation

From Console

To create new API key, complete the following steps:

  1. Log in to IBM Cloud.
  2. From the Menu bar, click Manage > Access (IAM) > API keys.
  3. Click Create an IBM Cloud API key. To rotate an API key, replace an old API key anywhere it is used with the newly created API key.

Delete an old API key:

  1. Log in to IBM Cloud.
  2. From the Menu bar, click Manage > Access (IAM) > API keys.
  3. Identify the API key you want to delete, and from the Actions menu, select Delete.

Usage

Run the control in your terminal:

steampipe check ibm_compliance.control.cis_v100_1_3

Snapshot and share results via Steampipe Cloud:

steampipe login
steampipe check --share ibm_compliance.control.cis_v100_1_3

SQL

This control uses a named query:

iam_user_api_key_age_90

Tags

category = Compliance
cis = true
cis_item_id = 1.3
cis_level = 1
cis_section_id = 1
cis_type = manual
cis_version = v1.0.0
plugin = ibm
service = IBM/IAM