Abnormal AccessKey Leakage Risk Scanning
Playbook Overview
The Abnormal AccessKey leakage risk scanning playbook has been associated with the Abnormal AccessKey leakage risk scanning workflow. This playbook scans GitHub for leaked AK/SK pairs at 00:00 every day. If any leaked AK/SK pairs are found, SecMaster automatically adds an attack alert of the AKSK Leakage type.
You need to enable this playbook manually.
After the playbook is enabled, it will be triggered at 00:00 every day.
Prerequisites
- SecMaster requires the iam:credentials:listCredentials (for querying all permanent access keys) and iam:users:listUsers (for querying the user list) permissions to query keys. For details about how to view the SecMaster agency authorization, see Checking the Agency Authorization. If SecMaster does not have the iam:credentials:listCredentials or iam:users:listUsers permission, create an agency by referring to (Optional) Creating an Agency.
- Your SecMaster professional edition is available.
Limitations and Constraints
This function applies only to Huawei Cloud account credentials. It is not applicable to credentials in other service systems.
Checking the Agency Authorization
- Log in to the SecMaster console.
- Click the icon in the upper left corner of the page and choose Management & Governance > Identity and Access Management.
- In the navigation pane on the left, choose Agencies. On the page displayed, click SecMaster_Agency. The Basic Information page of SecMaster_Agency is displayed by default.
- Click the Permissions tab and view the permissions granted to SecMaster. If the iam:credentials:listCredentials (for querying all permanent access keys) and iam:users:listUsers (for querying the user list) permissions are included, you do not need to add agency authorization. Otherwise, grant permissions by referring to (Optional) Creating an Agency.
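The check in the last step can also be run offline against policy JSON copied from the Permissions tab. This is an added example, not SecMaster or Huawei Cloud code: it reports which of the two required actions the attached policies do not grant, assuming `*` in an action is a wildcard and a matching Deny overrides any Allow. All sample policies except the one from this page are constructed.

```python
import json
from fnmatch import fnmatchcase

# The two actions this page says SecMaster needs in order to query keys.
REQUIRED = ("iam:credentials:listCredentials", "iam:users:listUsers")

def missing_actions(policy_docs, required=REQUIRED):
    """Return the required actions that the given policies do not grant.

    Assumptions (not stated on the page): '*' in an Action is a wildcard,
    and a matching Deny in any attached policy overrides every Allow.
    """
    allowed, denied = set(), set()
    for doc in policy_docs:
        policy = json.loads(doc) if isinstance(doc, str) else doc
        for stmt in policy.get("Statement", []):
            effect = stmt.get("Effect")
            if effect not in ("Allow", "Deny"):
                continue  # malformed statement: grants and denies nothing
            actions = stmt.get("Action", [])
            if isinstance(actions, str):  # tolerate a single string
                actions = [actions]
            for pattern in actions:
                for action in required:
                    if fnmatchcase(action, pattern):
                        (allowed if effect == "Allow" else denied).add(action)
    return [a for a in required if a not in allowed or a in denied]

# Policy content from this page.
PAGE_POLICY = """{"Version": "1.1", "Statement": [{"Effect": "Allow",
  "Action": ["iam:credentials:listCredentials", "iam:users:listUsers"]}]}"""
# Constructed samples: one incomplete grant, one broad grant cut back by a Deny.
PARTIAL = {"Version": "1.1", "Statement": [
    {"Effect": "Allow", "Action": ["iam:users:listUsers"]}]}
BROAD = {"Version": "1.1", "Statement": [
    {"Effect": "Allow", "Action": ["iam:*:*"]}]}
DENY_KEYS = {"Version": "1.1", "Statement": [
    {"Effect": "Deny", "Action": ["iam:credentials:*"]}]}

if __name__ == "__main__":
    for name, docs in [("page policy", [PAGE_POLICY]), ("partial", [PARTIAL]),
                       ("broad + deny", [BROAD, DENY_KEYS])]:
        print(f"{name}: missing {missing_actions(docs) or 'nothing'}")
```

An empty result means both permissions are present and no agency change is needed; any action listed is one the playbook's key query would lack.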
(Optional) Creating an Agency
SecMaster needs to obtain the iam:credentials:listCredentials (for querying all permanent access keys) and iam:users:listUsers (for querying the user list) permissions to query keys. You need to create an agency for SecMaster.
- Log in to the SecMaster console.
- Click the icon in the upper left corner of the page and choose Management & Governance > Identity and Access Management.
- Add a custom policy.
  - In the navigation pane on the left, choose Permissions > Policies/Roles. In the upper right corner of the displayed page, click Create Custom Policy.
  - Configure the policy.
    - Policy Name: Enter a policy name.
    - Policy View: Select JSON.
    - Policy Content: Copy the following content and paste it in the text box.

          {
              "Version": "1.1",
              "Statement": [
                  {
                      "Effect": "Allow",
                      "Action": [
                          "iam:credentials:listCredentials",
                          "iam:users:listUsers"
                      ]
                  }
              ]
          }

  - Click OK.
- Authorize the agency.
  - In the navigation pane on the left, choose Agencies. On the page displayed, click SecMaster_Agency. The Basic Information page of SecMaster_Agency is displayed by default.
  - On the Permissions tab, click Authorize.
  - On the Select Policy/Role page, search for and select the custom policy added in the "Add a custom policy" step and click Next.
  - Set the authorization scope. Select All resources for Scope. After the setting is complete, click OK.
Enabling a Playbook
- Log in to the SecMaster console.
- In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
Figure 1 Workspace management page
- In the navigation pane on the left, choose Security Orchestration > Playbooks.
Figure 2 Accessing the Playbooks tab
- On the Playbooks tab, search for the Abnormal AccessKey leakage risk scanning playbook and click Enable in its Operation column.
- In the dialog box displayed, select the initial playbook version v1 and click OK. If the Playbook Status of the Abnormal AccessKey leakage risk scanning playbook changes to Enabled, the playbook has been enabled successfully.
Implementation Effect
The Abnormal AccessKey leakage risk scanning playbook scans GitHub at 00:00 every day for leaked AK/SK pairs. If there are leaked AK/SK pairs, SecMaster automatically adds an attack alert of the AKSK Leakage type. You can view the alert automatically added by the playbook on SecMaster.
Method 1: On the Alerts page, click the Attack tab to view attack information.
- Log in to the SecMaster console.
- Click the icon in the upper left corner of the management console and select a region or project.
- In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
Figure 3 Workspace management page
- In the navigation pane on the left, choose .
Figure 4 Alerts
- On the Alerts page, click the Attack tab to view attack information. The Type of the attack is AKSK Leakage.
Method 2: View the access key leakage risks on the account risk control workbench.
- Log in to the SecMaster console.
- Click the icon in the upper left corner of the management console and select a region or project.
- In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
Figure 5 Workspace management page
- In the navigation pane on the left, choose . The Identity Security Panel page is displayed.
- On the Identity Security Panel page, view the risks of the Access Key Leak module.