/support/notes/service/sap_logo.png){kind=logo}
SAP Knowledge Base Article - PreviewSymptom
- Credentials from the VCAP_SERVICES environment variable were exported from a DEV tenant of Cloud Integration, saved to a JSON file, and accidentally added to version control, exposing them for long time period.
- The exposed credentials include two services that need to be rotated, but they do not appear in the SAP Cockpit.
- The potential misuse of x509 keys and the impact on service instances in the SAP Integration Suite.
Read more...
Environment
- SAP Integration Suite
- SAP Business Technology Platform
Product
SAP Integration Suite 1.0
Keywords
vcap_services, sap integration suite, rotate keys, binding secrets, exposed credentials, sap btp, cloud integration, x509 keys, unbind rebind, service instance, security risk , KBA , BC-CP-CF-SEC-IAM , UAA, Authentication, Authorization, Trust Mgmnt , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.
/support/notes/service/facebook.svg)
/support/notes/service/twitter.svg)
/support/notes/service/youtube.svg)
/support/notes/service/linkedin.svg)
/support/notes/service/instagram2.svg)