Skip to main content

Scenario S-008 - Exposure of credentials or secrets

Element	Description
Scenario ID	S-008
Target asset	Credentials and secrets storage used by infrastructure services and automation platforms
Threat source	External attacker or malicious insider
Attack vector	Secrets accidentally committed to repositories or compromise of centralized secrets storage
Potential impact	Unauthorized access to infrastructure systems and services through exposed credentials
Likelihood	🟨 Medium - credential exposure in repositories and misconfigured secrets management systems are common causes of breaches
Impact rating	🟥 High - leaked credentials may grant direct access to critical systems and services
Risk rating	🟥 High

Mitigation:

Store secrets in dedicated secrets management systems rather than repositories.
Use encrypted vault mechanisms for sensitive variables.
Implement repository scanning tools to detect exposed credentials.
Apply strict access control and auditing for secrets storage.
Rotate credentials regularly and immediately after any suspected exposure.

Owners:

Dev - secure handling of application secrets and repository practices.
Ops - secrets storage infrastructure and access management.
Sec - monitoring, policy enforcement, and auditing.

References:

ISO 27001 - Control 8.2 Privileged access rights.
ISO 27001 - Control 8.3 Information access restriction.
ISO 27001 - Control 8.16 Monitoring activities.
NIST CSF - PR.AC Access Control.
NIST CSF - PR.DS Data Security.
NIST CSF - DE.CM Continuous Monitoring.
EBIOS RM - Threat scenarios related to credential exposure and secret compromise.

Response actions:

Containment - Immediately revoke exposed credentials and restrict access to affected systems.
Eradication - Remove exposed secrets from repositories and secure the secrets storage platform.
Recovery - Generate new credentials and update dependent services.
Post-incident - Conduct repository audits, improve secret management practices, and strengthen monitoring rules.