Visible private key or sensitive file
Private keys such as SSH keys, PEM files, P12 bundles and private certificates are one of the primary means of proving, issuing and validating identities. As such, they should be kept safely and securely, preferably in a specialized secret store.
Other files, such as ZSH history, DB manager app configuration, FTP app configuration and more, store sensitive information such as hosts, passwords and keys as configuration.
Moreover, such files should be encrypted and set with the correct permissions (where applicable) so that access to them is restricted and can be monitored.
Problem
We found a private key, app configuration file or history file stored in plain form in a code, infrastructure or configuration repository.
Fix
Delete temporary and misplaced configuration files, then apply the following best practices where relevant:
Infrastructure
- Use a cloud-native secret store, such as AWS Secrets Manager
- Use a dedicated vault product, such as:
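The check described above (a plainly stored private key or a sensitive config/history file, possibly with loose permissions) can be reproduced locally before such a file reaches a repository. The following scanner is an added example, not code from the original page or from any product it describes: it walks a checkout, flags files by name (history files, FTP config, `.pem`/`.p12`/`.key` files), by content (PEM private-key headers), notes whether the key material is passphrase-protected, and reports files that are readable beyond their owner. The sample files, their names and contents are constructed for the demo.

```python
"""Added example: find plainly stored private keys and sensitive config/history
files in a checkout, and flag loose file permissions. Not part of the original
page; the filenames and contents in SAMPLE_FILES are constructed for the demo."""
import os
import re
import stat
import tempfile
from pathlib import Path

# Content check: PEM headers of private keys (PKCS#1, PKCS#8, OpenSSH, EC, DSA).
PRIVATE_KEY_RE = re.compile(
    r"-----BEGIN (?:RSA |EC |DSA |OPENSSH |ENCRYPTED )?PRIVATE KEY-----"
)
# Markers that the key material itself is passphrase-protected.
ENCRYPTED_RE = re.compile(r"BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED")

# Name check: files that typically hold hosts, passwords or keys as configuration.
SENSITIVE_NAMES = {".zsh_history", ".bash_history", ".ftpconfig", "id_rsa", "id_ed25519"}
SENSITIVE_SUFFIXES = {".pem", ".p12", ".pfx", ".key"}


def classify(name: str, content: bytes, mode: int) -> list[str]:
    """Return the findings for one file; an empty list means nothing to report."""
    findings = []
    path = Path(name)
    if path.name in SENSITIVE_NAMES or path.suffix in SENSITIVE_SUFFIXES:
        findings.append("sensitive-filename")
    text = content.decode("utf-8", errors="ignore")
    if PRIVATE_KEY_RE.search(text):
        findings.append("private-key")
        if not ENCRYPTED_RE.search(text):
            findings.append("unencrypted")
    # Group/other read bits on a flagged file mean it is not restricted to its
    # owner, i.e. it lacks the "correct permission" the page asks for.
    if findings and mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("permissive-mode")
    return findings


def scan_tree(root: str) -> dict[str, list[str]]:
    """Walk a checkout and return {relative path: findings} for flagged files only."""
    results = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]  # skip VCS internals
        for fn in filenames:
            full = os.path.join(dirpath, fn)
            with open(full, "rb") as fh:
                content = fh.read(64 * 1024)  # PEM headers sit in the first bytes
            findings = classify(fn, content, os.stat(full).st_mode)
            if findings:
                results[os.path.relpath(full, root)] = findings
    return results


# Constructed sample files standing in for a repository checkout: (content, mode).
SAMPLE_FILES = {
    "deploy/server.pem": (
        b"-----BEGIN RSA PRIVATE KEY-----\nMIIE(constructed)\n-----END RSA PRIVATE KEY-----\n",
        0o644,
    ),
    "keys/backup.key": (
        b"-----BEGIN ENCRYPTED PRIVATE KEY-----\n(constructed)\n-----END ENCRYPTED PRIVATE KEY-----\n",
        0o600,
    ),
    ".zsh_history": (b": 1700000000:0;mysql -u root -pEXAMPLE_PASSWORD\n", 0o644),
    "README.md": (b"# project\nNo secrets here.\n", 0o644),
}


def demo() -> dict[str, list[str]]:
    """Write the sample files into a temp dir, scan it, and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        for rel, (content, mode) in SAMPLE_FILES.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(content)
            os.chmod(full, mode)
        return scan_tree(root)


if __name__ == "__main__":
    for path, findings in sorted(demo().items()):
        print(f"{path}: {', '.join(findings)}")
```

Running the demo reports `deploy/server.pem` (unencrypted key, world-readable), `keys/backup.key` (encrypted key, owner-only, so still worth moving to a secret store but lower severity) and `.zsh_history` (sensitive by name, world-readable), while `README.md` is silent. In a pre-commit hook or CI job, a non-empty result from `scan_tree` is the signal to remove the file and move the secret into a cloud-native secret store or vault as the fix above recommends.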
Architecture