51 lines
1.5 KiB
Plaintext
51 lines
1.5 KiB
Plaintext
|
|
include::../../../shared_content/secrets/description.adoc[]
|
|
|
|
== Why is this an issue?
|
|
|
|
include::../../../shared_content/secrets/rationale.adoc[]
|
|
|
|
=== What is the potential impact?
|
|
|
|
If attackers gain access to a New Relic API key, they could potentially inject forged data, retrieve sensitive information, or configure features within New Relic monitoring solutions.
|
|
|
|
Below are some real-world scenarios that illustrate some impacts of an attacker
|
|
exploiting the secret.
|
|
|
|
include::../../../shared_content/secrets/impact/data_compromise.adoc[]
|
|
|
|
include::../../../shared_content/secrets/impact/data_modification.adoc[]
|
|
|
|
== How to fix it
|
|
|
|
include::../../../shared_content/secrets/fix/revoke.adoc[]
|
|
|
|
include::../../../shared_content/secrets/fix/recent_use.adoc[]
|
|
|
|
include::../../../shared_content/secrets/fix/vault.adoc[]
|
|
|
|
=== Code examples
|
|
|
|
:example_secret: NRAK-S6Z8F90IQDWRILXAKBBESCDIY99
|
|
:example_name: newrelic.api_key
|
|
:example_env: NEWRELIC_API_KEY
|
|
|
|
include::../../../shared_content/secrets/examples.adoc[]
|
|
|
|
//=== How does this work?
|
|
|
|
//=== Pitfalls
|
|
|
|
//=== Going the extra mile
|
|
|
|
== Resources
|
|
|
|
=== Documentation
|
|
|
|
* new relic Docs - https://docs.newrelic.com/docs/apis/intro-apis/new-relic-api-keys/[New Relic API keys]
|
|
* new relic Docs - https://docs.newrelic.com/docs/synthetics/synthetic-monitoring/private-locations/private-locations-overview-monitor-internal-sites-add-new-locations/[Private locations overview: Monitor internal sites and add new locations]
|
|
|
|
include::../../../shared_content/secrets/resources/standards.adoc[]
|
|
|
|
//=== Benchmarks
|