Real AWS, GCP, and Azure credentials that have no permissions but report to us when used. When an attacker steals and uses them — anywhere in the world — you get an instant alert.
[ALERT] AWS credential token used!
Action: sts:GetCallerIdentity
Region: us-east-1
Source IP: 185.234.xx.xx
User Agent: aws-cli/2.13.0
[INFO] GCP service account accessed
Project: tripwire-canary-abc123
Action: storage.buckets.list
[ALERT] Azure credential enumeration
Tenant: xxxxxxxx-xxxx-xxxx
Monitoring global cloud activity...
Create credential tokens for all major cloud platforms. All providers included in Professional plan.
IAM user credentials that alert when any AWS API is called. Detect credential theft across all regions.
Service account keys that report usage to Cloud Audit Logs. Full API coverage.
Service principal credentials with Azure Monitor integration for instant detection.
Real cloud credentials that can't do anything — except tell you when they're used.
We create real credentials in our cloud accounts — IAM users, service accounts, app registrations.
Add them to config files, code repos, password managers, or anywhere credentials might be found.
When stolen credentials are used anywhere — any region, any API — the cloud provider logs it.
We monitor logs in real-time and alert you instantly with source IP, action attempted, and timing.
Unlike honeypots that require attackers to connect to your infrastructure, credential tokens work globally.
Credentials work worldwide. If an attacker in Russia uses your stolen AWS key, you know instantly.
The credentials have no actual permissions. Attackers can't do any damage — only reveal themselves.
You now have evidence that credentials were stolen and used — critical for incident response.
Cloud credential tokens are available in Business plan at £199/month.