Many customers of Amazon Web Services (AWS) use Stripe's global payment services to accelerate product development and increase revenue, particularly in the internet economy. Protecting the credentials used to authenticate with Stripe is as crucial as protecting the AWS API keys that grant access to AWS resources. Stripe API keys must be kept confidential and well managed to prevent unauthorized access to Stripe accounts and the movement of real money. Inadvertently exposing a Stripe API key on a platform such as GitHub, in logs, or in Amazon S3 necessitates invalidating and re-issuing that key.
In response to customer requests for tools to mitigate the risk of unintentional exposure of Stripe API keys, AWS collaborated with Stripe to create a new managed data identifier within Amazon Macie. This identifier can help users identify and safeguard Stripe API keys stored in Amazon S3 buckets.
Stripe provides payment processing services for businesses worldwide and authenticates API requests with API keys. Stripe encourages using test-mode keys for development and restricting access to live-mode keys, to prevent data leaks and unauthorized transactions. Stripe also supports publishable keys, which are intended for collecting payments from a website or app.
Amazon Macie, a managed service utilizing machine learning and pattern matching, aids in the discovery and protection of sensitive data, such as personally identifiable information. The new managed data identifier “STRIPE_CREDENTIALS” within Macie can recognize Stripe API secret keys to enhance security. The blog post details the configuration of Amazon Macie to detect Stripe credentials and provides steps to create a Macie job for this purpose.
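The following Python example, added here and not taken from the blog post or from AWS's own code, shows the two halves of the workflow the post describes: building a Macie classification job that applies only the STRIPE_CREDENTIALS managed data identifier to chosen buckets, and triaging the findings such a job produces so that objects containing Stripe secret keys can be cleaned up and the keys rotated. The request-body shape follows the Macie2 CreateClassificationJob API; the bucket names, account ID and the sample findings are constructed, and the optional boto3 submission assumes boto3 is installed and AWS credentials are configured.

```python
"""Build a targeted Macie job for Stripe keys and triage its findings.

Added example: not from the original post. The job request shape follows
the Macie2 CreateClassificationJob API; account ID, bucket names and the
sample findings below are constructed.
"""
import json

STRIPE_MDI = "STRIPE_CREDENTIALS"  # managed data identifier named in the post


def build_stripe_job_request(account_id, buckets, job_name="stripe-key-scan"):
    """Return the CreateClassificationJob request body as a dict.

    managedDataIdentifierSelector='INCLUDE' applies only the listed
    identifiers, which keeps noise down when the goal is a targeted
    credential sweep rather than a full sensitive-data inventory.
    """
    if not buckets:
        raise ValueError("at least one bucket name is required")
    return {
        "jobType": "ONE_TIME",
        "name": job_name,
        "managedDataIdentifierSelector": "INCLUDE",
        "managedDataIdentifierIds": [STRIPE_MDI],
        "s3JobDefinition": {
            "bucketDefinitions": [
                {"accountId": account_id, "buckets": list(buckets)}
            ]
        },
    }


def submit_job(request, region="us-east-1"):
    """Submit the job with boto3 (assumption: boto3 + AWS credentials present)."""
    import boto3
    client = boto3.client("macie2", region_name=region)
    return client.create_classification_job(**request)["jobId"]


def triage_findings(findings):
    """Select findings where the STRIPE_CREDENTIALS identifier fired.

    Returns (bucket, key, detection_count) tuples for objects whose Stripe
    keys must be rotated in the Stripe dashboard and removed from S3.
    """
    hits = []
    for finding in findings:
        if finding.get("type") != "SensitiveData:S3Object/Credentials":
            continue
        result = finding.get("classificationDetails", {}).get("result", {})
        total = 0
        for item in result.get("sensitiveData", []):
            if item.get("category") != "CREDENTIALS":
                continue
            for det in item.get("detections", []):
                if det.get("type") == STRIPE_MDI:
                    total += det.get("count", 0)
        if total:
            res = finding["resourcesAffected"]
            hits.append((res["s3Bucket"]["name"], res["s3Object"]["key"], total))
    return hits


# Constructed sample findings shaped like Macie finding JSON (not real data).
SAMPLE_FINDINGS = [
    {
        "type": "SensitiveData:S3Object/Credentials",
        "severity": {"description": "High"},
        "resourcesAffected": {
            "s3Bucket": {"name": "example-app-logs"},
            "s3Object": {"key": "2024/06/app.log"},
        },
        "classificationDetails": {"result": {"sensitiveData": [
            {"category": "CREDENTIALS",
             "detections": [{"type": STRIPE_MDI, "count": 2}]}
        ]}},
    },
    {
        "type": "SensitiveData:S3Object/Personal",
        "resourcesAffected": {
            "s3Bucket": {"name": "example-app-logs"},
            "s3Object": {"key": "2024/06/users.csv"},
        },
        "classificationDetails": {"result": {"sensitiveData": [
            {"category": "PERSONAL_INFORMATION",
             "detections": [{"type": "NAME", "count": 40}]}
        ]}},
    },
]

if __name__ == "__main__":
    print(json.dumps(build_stripe_job_request("123456789012", ["example-app-logs"]), indent=2))
    for bucket, key, count in triage_findings(SAMPLE_FINDINGS):
        print(f"rotate Stripe key and remove s3://{bucket}/{key} ({count} hits)")
```

The triage function filters on the finding type first and then on the detection type, so a bucket that also triggers personal-information findings does not pollute the list of objects that need credential rotation.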
If sensitive data such as Stripe API keys is unintentionally disclosed in an S3 bucket, users can revoke access to the compromised key and generate a new one through the Stripe dashboard. Implementing regular reviews of S3 buckets, restricting access, training developers in security practices, and monitoring logs and repositories can help prevent key exposure and potential security breaches.
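As an added example of the log and repository monitoring mentioned above (not code from the post, Stripe or AWS), the Python scanner below checks text such as application log lines for Stripe API key formats before the data is shipped to S3 or committed, ranks each hit by how dangerous exposure is (live-mode secret keys first, publishable keys last, following the test-mode/live-mode distinction the post describes), and redacts the matches so logs can still be kept. The key pattern is an assumption based on Stripe's documented key prefixes; the sample log lines and keys are constructed.

```python
"""Scan text for Stripe API key formats and redact them.

Added example, not from the original post. The key pattern is an
assumption based on Stripe's documented prefixes (sk_/rk_ for secret and
restricted keys, pk_ for publishable keys; live or test mode); the sample
log lines and key bodies below are constructed.
"""
import re

# Assumed shape: <type>_<mode>_<base62 body>. Body length varies, so require
# at least 16 characters and stop at a word boundary.
STRIPE_KEY_RE = re.compile(r"\b(sk|rk|pk)_(live|test)_[0-9A-Za-z]{16,}\b")


def classify(key):
    """Return (severity, reason) for one matched key."""
    kind, mode = key.split("_", 2)[:2]
    if kind in ("sk", "rk") and mode == "live":
        return "critical", "live-mode secret or restricted key: rotate now"
    if kind in ("sk", "rk"):
        return "high", "test-mode secret key: rotate, check whether a live key is also present"
    return "low", "publishable key: intended for client-side use"


def redact(key):
    """Keep the prefix and last 4 characters so the key can still be matched in the Stripe dashboard."""
    head = "_".join(key.split("_", 2)[:2]) + "_"
    return head + "*" * 6 + key[-4:]


def scan_lines(lines):
    """Return one dict per match: line number, severity, reason, redacted key."""
    found = []
    for lineno, line in enumerate(lines, start=1):
        for m in STRIPE_KEY_RE.finditer(line):
            severity, reason = classify(m.group(0))
            found.append({"line": lineno, "severity": severity,
                          "reason": reason, "key": redact(m.group(0))})
    return found


def redact_lines(lines):
    """Return the input with every matched key replaced by its redacted form."""
    return [STRIPE_KEY_RE.sub(lambda m: redact(m.group(0)), line) for line in lines]


# Constructed sample log lines; the key bodies are obviously fake.
SAMPLE_LOG = [
    "2024-06-01T10:00:00Z INFO charge created id=ch_example amount=1200",
    "2024-06-01T10:00:01Z DEBUG stripe client init key=sk_live_FAKEFAKEFAKEFAKE0001",
    "2024-06-01T10:00:02Z DEBUG frontend config pk_test_FAKEFAKEFAKEFAKE0002",
    "2024-06-01T10:00:03Z DEBUG stripe client init key=sk_test_FAKEFAKEFAKEFAKE0003",
]

if __name__ == "__main__":
    for hit in scan_lines(SAMPLE_LOG):
        print(hit)
    print("\n".join(redact_lines(SAMPLE_LOG)))
```

Running this as a pre-commit hook or as a filter in the log pipeline catches keys before they reach a repository or an S3 bucket, which complements the after-the-fact discovery Macie provides; a critical hit should still trigger the same response as a Macie finding, namely revoking the key in the Stripe dashboard and issuing a new one.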
By following these practices and utilizing Amazon Macie’s managed data identifiers, AWS customers can enhance the security of their sensitive data on the platform. Koulick Ghosh, Sagar Gandha, and Mohan Musti, experienced professionals in AWS Security and Technical Account Management, provide valuable insights and guidance in the blog post to help users safeguard their data effectively on AWS.