Query: Ensure API keys are restricted to use by only specified Hosts and Apps

Description

Unrestricted keys are insecure because they can be viewed publicly, such as from within a browser, or they can be accessed on a device where the key resides. It is recommended to restrict API key usage to trusted hosts, HTTP referrers and apps.

Query

Tables used in this query:

• gcp_apikeys_key

Controls using this query:

• 1.13 Ensure API keys are restricted to use by only specified Hosts and Apps
• 1.13 Ensure API keys are restricted to use by only specified Hosts and Apps
• 1.13 Ensure API keys are restricted to use by only specified Hosts and Apps
• 1.13 Ensure API Keys Are Restricted To Use by Only Specified Hosts and Apps
• Ensure API keys are restricted to use by only specified Hosts and Apps

SQL