Query: Ensure API keys are restricted to only APIs that application needs access

Description

API keys are insecure because they can be viewed publicly, such as from within a browser, or they can be accessed on a device where the key resides. It is recommended to restrict API keys to use (call) only APIs required by an application.

Query

Tables used in this query:

• gcp_apikeys_key

Controls using this query:

• 1.14 Ensure API keys are restricted to only APIs that application needs access
• 1.14 Ensure API keys are restricted to only APIs that application needs access
• 1.14 Ensure API keys are restricted to only APIs that application needs access
• 1.14 Ensure API Keys Are Restricted to Only APIs That Application Needs Access
• Ensure API keys are restricted to only APIs that application needs access

SQL