lacework-global-208
User has API keys (Automated)
Description
Alert when a user has API keys enabled. OCI access by administrators through API keys should only occur as an exception. Do not hard-code Identity and Access Management (IAM) credentials directly in software or in documents available to a wide audience. IAM API keys are credentials used to grant programmatic access to resources. Actual human users should not use API keys.
Remediation
From Console:
1. Log in to the OCI console.
2. Select Identity from the Services menu.
3. Select Users from the Identity menu, or select Domains, select a domain, and select Users.
4. Select the username of a user with an API key.
5. Select API Keys from the menu in the lower left-hand corner.
6. Delete any associated keys from the API Keys table.
7. Repeat steps 3-6 for all users with an API key.
From CLI:
For each user with an API key, execute the following command to retrieve API key details:
oci iam user api-key list --user-id <user_id>
For each API key, execute the following command to delete the key:
oci iam user api-key delete --user-id <user_id> --fingerprint <api_key_fingerprint>
The following message displays:
Are you sure you want to delete this resource? [y/N]:
Type 'y' and press 'Enter'.
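The CLI steps above can be prepared for review before anything is deleted. The following is an added example, not part of the Lacework or OCI documentation: it reads the JSON printed by the list command for one user and builds the matching delete commands without running them. It assumes the output carries a "data" array with "fingerprint", "lifecycle-state" and "user-id" fields; the function names are hypothetical and the sample OCID and fingerprints are constructed placeholders.

```python
import json
import re
import shlex

# Constructed sample of `oci iam user api-key list` JSON output for one user.
# The OCID and fingerprints are placeholders, not real values.
SAMPLE_USER = "ocid1.user.oc1..exampleuniqueid"
SAMPLE_OUTPUT = json.dumps({"data": [
    {"fingerprint": "11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00",
     "lifecycle-state": "ACTIVE", "time-created": "2022-01-10T09:15:00+00:00",
     "user-id": SAMPLE_USER},
    {"fingerprint": "00:ff:ee:dd:cc:bb:aa:99:88:77:66:55:44:33:22:11",
     "lifecycle-state": "DELETED", "time-created": "2020-06-01T12:00:00+00:00",
     "user-id": SAMPLE_USER},
]})

# 16 colon-separated hex bytes (assumed fingerprint format).
FINGERPRINT = re.compile(r"^([0-9a-f]{2}:){15}[0-9a-f]{2}$")


def parse_api_keys(cli_output):
    """Return the key records from the list command's JSON output."""
    if not cli_output.strip():
        return []  # empty output is treated as "no API keys"
    return json.loads(cli_output).get("data", [])


def delete_commands(user_id, cli_output):
    """Build one delete command per key that still exists for user_id."""
    commands = []
    for key in parse_api_keys(cli_output):
        if key.get("lifecycle-state") in ("DELETING", "DELETED"):
            continue  # nothing left to remove
        fingerprint = key.get("fingerprint", "")
        if key.get("user-id") != user_id or not FINGERPRINT.match(fingerprint):
            raise ValueError(f"unexpected key record: {key!r}")
        commands.append(
            "oci iam user api-key delete --user-id "
            f"{shlex.quote(user_id)} --fingerprint {shlex.quote(fingerprint)}"
        )
    return commands


if __name__ == "__main__":
    for command in delete_commands(SAMPLE_USER, SAMPLE_OUTPUT):
        print(command)
```

Each generated command is the delete command shown above, so the confirmation prompt still appears when it is run.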