Query: Project should not have use api keys

Description

API keys are best reserved for situations where no alternative authentication methods are available. Within a project, there may be lingering, unused keys that still retain their permissions. The inherent insecurity of keys arises from their susceptibility to public exposure, either through web browsers or when residing on a device. It is advisable to prioritize the adoption of conventional authentication mechanisms over the reliance on API keys.

Query

Tables used in this query:

• gcp_apikeys_key
• gcp_project

Controls using this query:

• 1.12 Ensure API Keys Only Exist for Active Services
• Project should not have use api keys

SQL