Control: 1.3 Ensure API keys are rotated every 90 days
Description
Replace production API keys with new API keys regularly, every 90 days for example, as a best practice to secure your account.
Remediation
From Console
To create a new API key, complete the following steps:
- Log in to IBM Cloud.
- From the Menu bar, click Manage > Access (IAM) > API keys.
- Click Create an IBM Cloud API key.
To rotate an API key, replace the old API key with the newly created API key everywhere it is used.
Delete an old API key:
- Log in to IBM Cloud.
- From the Menu bar, click Manage > Access (IAM) > API keys.
- Identify the API key you want to delete, and from the Actions menu, select Delete.
Usage
Run the control in your terminal:
powerpipe control run ibm_compliance.control.cis_v100_1_3
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run ibm_compliance.control.cis_v100_1_3 --share
SQL
This control uses a named query:
iam_user_api_key_age_90
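
The 90-day age check can also be reproduced offline against an exported key inventory. The following is an added example, not the mod's own query; the `name` and `created_at` field names, the sample records, and the choice to flag keys strictly older than 90 days are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# Rotation window from the control title. Treating exactly 90 days as
# still compliant is an assumption of this example.
MAX_AGE = timedelta(days=90)

# Constructed sample inventory; field names and values are illustrative.
SAMPLE_KEYS = json.loads("""
[
  {"name": "ci-deploy",   "created_at": "2024-01-05T09:30:00Z"},
  {"name": "backup-job",  "created_at": "2024-03-20T14:00:00+00:00"},
  {"name": "legacy-sync", "created_at": "2023-06-01T00:00:00Z"},
  {"name": "broken",      "created_at": ""}
]
""")


def parse_ts(value):
    """Parse an ISO 8601 timestamp; treat naive values as UTC."""
    ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)


def evaluate(keys, now):
    """Return (name, status, reason) rows; status is 'ok' or 'alarm'."""
    rows = []
    for key in keys:
        name = key.get("name", "<unnamed>")
        try:
            age = now - parse_ts(key["created_at"])
        except (KeyError, ValueError):
            # A key whose age cannot be established fails closed.
            rows.append((name, "alarm", "creation time missing or unparseable"))
            continue
        status = "alarm" if age > MAX_AGE else "ok"
        rows.append((name, status, f"created {age.days} days ago"))
    return rows


if __name__ == "__main__":
    now = datetime(2024, 4, 15, tzinfo=timezone.utc)  # fixed for reproducibility
    for name, status, reason in evaluate(SAMPLE_KEYS, now):
        print(f"{status:5} {name}: {reason}")
```

Keys reported as `alarm` are the ones to replace and then delete using the console steps above.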