Track API key usage by combining IBM Cloud IAM and LogDNA search

Which key is still in use...?

Recently, I blogged about tracking account activity from the command line. I showed you how to search IBM Cloud Activity Tracker with LogDNA records using a Python script. Today, I discuss how to combine the IAM Identity Services API with the LogDNA search to track usage of API keys. The goal is to find out whether API keys for a user or service ID were recently used. If they were not used for long, they might be up for deletion.

Offboarding on IBM Cloud: Considerations when removing a user

Only authorized persons have access

Over my past blog posts I have looked into how to rotate credentials in different compute environments. I looked at Cloud Foundry on IBM Cloud, Cloud Functions and Kubernetes. The background is that I wanted to understand what it takes to maintain security during the regular DevSecOps cycles and when someone in the team leaves. The latter often is called offboarding.

Get some REST with Db2

Db2 has a REST API

Many of the IBM Cloud services have a REST API, an overview of REST APIs is here in the IBM Cloud docs. Recently, I realized that I had not yet tried the Db2 on Cloud API and the API for Db2 Warehouse on Cloud. Thus, last Friday I took some time to test out some code using one of my Db2 instances on IBM Cloud. Here is what you need to get started....

Track it from the command line: Search audit events in LogDNA using Python

Take a look at security logs

Earlier this year, IBM and LogDNA announced an integrated offering Activity Tracker with LogDNA. It allows to manage and search activity events in LogDNA instances on IBM Cloud. There are IAM, account management and all kinds of service instance events that can be tracked. Viewing the events is typically done in the LogDNA UI. I, however, want to perform searches on the command line and integrate it with Cloud Functions. In this article, I discuss the small tool that I wrote the search the activity logs and export them.