Control: 1.5 Ensure no owner account API key exists


API keys by definition allow access to your account and resources in your account. The API key inherits all assigned access for the user identity for which it is created, therefore an API key created by an account owner has account-owner level access to resources in the account.


From Console

To delete an API key, complete the following steps:

  1. Login as the account owner at cloud.ibm.com
  2. In the console, go to Manage -> Access (IAM)
  3. Click on API keys
  4. Identify the row of the API key that you want to delete and select Delete from the Actions List of actions icon menu (found on the right hand side of the row).
  5. Then, confirm the deletion by clicking Delete.5. Then, confirm the deletion by clicking Delete.


Run the control in your terminal:

powerpipe control run ibm_compliance.control.cis_v100_1_5

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run ibm_compliance.control.cis_v100_1_5 --share


This control uses a named query: