Help Center> Data Security Center> User Guide> Data Risk Detection> Viewing and Handling Access Key Leaks
Updated on 2023-11-16 GMT+08:00
View PDF

Viewing and Handling Access Key Leaks

DSC detects leaks of access keys in the Git code that contain Huawei Cloud AKs and SKs, and displays the detection results in a list. You can handle leak events as required.

Prerequisites

You have obtained credentials for logging in to the management console.

Procedures

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. In the navigation pane on the left, click and choose Security & Compliance > Data Security Center.
  4. In the navigation pane, choose Risk Detection. On the displayed page, click the Access Key Leak Detection tab.

    Table 1 Parameters of a detected access key leak event

    Parameter

    Description

    Access Key ID

    Access key ID (AK).

    You can click Go to Access Keys to switch to the access key management page where you can create, modify, enable or disable, or delete an access key.

    Intelligence Source

    Source of the access key leak event detected, for example, GitHub.

    Account Affected

    Account affected by the access key leak

    Leak Type

    Type of the access key leakage event

    First Detection Time

    Time when the leak event is detected for the first time

    Status

    An access key leak event has the following statuses:

    • To be handled indicates the access key leak event has not been handled.
    • Manually deleted indicates that the leaked access key and the related information have been manually deleted or hidden on GitHub.
    • Manually disabled indicates that the leaked access key has been disabled and reset (or directly deleted) on the access key management console.
    • Whitelisted indicates that the leaked access key has been added to the whitelist. An alarm will not be generated for the leak of the access key that has been added to the whitelist.

  5. Click View in the Operation column to view the details about a detected access key lead event, including the details, code snippet, and tips.
  6. Handle the event according to the tips. Click Handle in the Operation column.
  7. In the displayed dialog box, select a handling method, and click OK.

    The handling methods are as follows:

    • Manually Delete Access Key: Log in to GitHub and manually delete or hide the leaked access key and its related information.
    • Manually Disable Access Key: Log in to the Access Key management console and disable and reset the access key (or delete it).
    • Add Access Key to Whitelist: There is no need to handle the event because this event has no security risks. An alarm will not be generated for the leak of the access key that has been added to the whitelist.

Parent topic: Data Risk Detection