I'm writing with a pressing concern regarding a potential security oversight on my part.
I inadvertently published an RStudio Connect API key within a public Git repository, which was exposed for a week before being flagged. Immediately upon realization, I deleted the repository and the API key from our internal RStudio Connect server. I understand the gravity of the mistake and am committed to taking all necessary measures to ensure the safety and security of our data.
To that end, I would like to ascertain if there's a way to check if the API key was accessed or used by any unauthorized parties during the time it was exposed. Specifically:
- Is there a log or an audit trail within RStudio Connect that would show any access or actions taken using the API key during the specified period?
- Are there any best practices or immediate steps you recommend we take to further mitigate potential risks?
Thank you for your understanding and support.