Zoom API JWT Keys
ID |
zoom_api_jwt_keys |
Severity |
high |
Vendor |
Zoom |
Family |
Access key |
Description
Zoom Video Communications is a communications technology company.
Its API give programmatically access to Zoom features and enable to integrate external services with it. JWT can be used for server-to-server interactions, they can be generated with an API key and secret or directly from the developer dashboard.
Security
Any hardcoded Zoom API JWT Key and Secret is a potential secret reported by this detector.
Accidentally checking-in the key or secret to source control repositories could compromise your Zoom account.
Mitigation / Fix
-
Remove the
KeyandSecretfrom the source code or committed configuration file. -
Follow your policy for handling leaked secrets, which typically require revoking the secret in the target system(s). Go to your app dashboard and regenerate the API secret to revoke a JWT.
-
If under a git repository, you may remove unwanted files from the repository history using tools like
git filter-repoorBFG Repo-Cleaner. You may follow the procedure listed here for GitHub.
|
You should consider any sensitive data in commits with secrets as compromised. Remember that secrets may be removed from history in your projects, but not in other users' cloned or forked repositories. |