turbot/gcp_compliance

Control: Project should not have API keys

Description

API keys are best reserved for situations where no alternative authentication methods are available. Within a project, there may be lingering, unused keys that still retain their permissions. The inherent insecurity of keys arises from their susceptibility to public exposure, either through web browsers or when residing on a device. It is advisable to prioritize the adoption of conventional authentication mechanisms over the reliance on API keys.

Usage

Run the control in your terminal:

powerpipe control run gcp_compliance.control.project_no_api_key

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run gcp_compliance.control.project_no_api_key --share

SQL

This control uses a named query:

project_no_api_key
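
The text of the named query is not shown on this page. As an added example (not Turbot's query or code), the Python below applies the same rule offline to the JSON produced by `gcloud services api-keys list --format=json`: a project is in alarm if any API key exists in it, and keys without restrictions are listed separately. The function name, the row layout, and the sample project numbers and keys are assumptions constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample: output of `gcloud services api-keys list --format=json`
# for one project. Project numbers, key ids and display names are made up.
SAMPLE_KEYS = json.loads("""
[
  {"name": "projects/111111111111/locations/global/keys/aaaa-1111",
   "displayName": "legacy-maps-key",
   "createTime": "2021-03-04T10:15:00Z"},
  {"name": "projects/111111111111/locations/global/keys/bbbb-2222",
   "displayName": "ci-key",
   "createTime": "2024-01-09T08:00:00Z",
   "restrictions": {"apiTargets": [{"service": "translate.googleapis.com"}]}}
]
""")

def evaluate(projects, keys):
    """Return one row per project: 'alarm' if any API key exists, else 'ok'."""
    by_project = defaultdict(list)
    for key in keys:
        # Key resource name: projects/<number>/locations/global/keys/<id>
        parts = key["name"].split("/")
        if len(parts) < 2 or parts[0] != "projects":
            raise ValueError(f"unexpected key name: {key['name']!r}")
        by_project[parts[1]].append(key)
    rows = []
    for project in projects:
        found = by_project.get(project, [])
        # A key with no "restrictions" object has neither client nor API limits.
        unrestricted = sorted(
            k.get("displayName", k["name"]) for k in found if not k.get("restrictions")
        )
        rows.append({
            "project": project,
            "status": "alarm" if found else "ok",
            "key_count": len(found),
            "unrestricted": unrestricted,
        })
    return rows

if __name__ == "__main__":
    # Second project number is constructed and has no keys in the sample.
    for row in evaluate(["111111111111", "222222222222"], SAMPLE_KEYS):
        print(row)
```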

Tags