Alibaba Cloud Access Key ID

Alibaba Cloud (also AliCloud or Aliyun) use access keys for programmatic calls to Alibaba Cloud or for authentication in the Alibaba Cloud command-line interface. An access key is a pair (Access Key ID, Secret Key) where Access Key ID (like LTAI5tMYCr1pxcx4vz2o7riE) acts as the username and Secret Key (like vtAZaFH4CqJcqFj5oyyuRobivPNK8p) acts as a password.

Access keys are managed by the Resource Access Management (RAM) service.

The Access Key ID is less sensitive than the secret, but it should not be made public. Together with the secret part of the access key pair, it would allow a threat actor to access any cloud resource allowed to the key owner.

The following example shows a hardcoded Alibaba Cloud access key (id and secret) in a shell script:

Follow your policy for handling leaked secrets, which typically require rotating the secret in the target system(s). To delete the access key pair, follow the instructions in the Mitigation / Fix section of the Alibaba Cloud Secret Access Key detector.