steampipe plugin install gcp

Table: gcp_kms_key_ring - Query Google Cloud Key Management Service Key Rings using SQL

Google Cloud Key Management Service (KMS) is a cloud service for managing cryptographic keys for your cloud services. Key Rings are used to group keys together for easier management. Each Key Ring belongs to a specific Google Cloud Project and resides in a specific location.

Table Usage Guide

The gcp_kms_key_ring table provides insights into Key Rings within Google Cloud Key Management Service (KMS). As a security engineer, you can explore key ring-specific details through this table, including their names, creation times, and locations. Utilize it to manage and review the cryptographic keys for your cloud services.

Examples

Basic info

Explore which key rings have been created within Google Cloud's Key Management Service. This can help monitor the timeline of key ring creation for better security and resource management.

select
name,
create_time
from
gcp_kms_key_ring;

List key rings older than 30 days

Find key rings that were created more than 30 days ago. This is useful for identifying and managing outdated or potentially unused key rings in your Google Cloud Platform projects.

Postgres:

select
name,
create_time
from
gcp_kms_key_ring
where
create_time <= (current_date - interval '30' day)
order by
create_time;

SQLite:

select
name,
create_time
from
gcp_kms_key_ring
where
date(create_time) <= date('now', '-30 days')
order by
create_time;

Schema for gcp_kms_key_ring

| Name | Type | Operators | Description |
| --- | --- | --- | --- |
| _ctx | jsonb | | Steampipe context in JSON form. |
| akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
| create_time | timestamp with time zone | | The time at which this KeyRing was created. |
| iam_policy | jsonb | | An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. |
| location | text | `=` | The GCP multi-region, region, or zone in which the resource is located. |
| name | text | `=` | The resource name for the KeyRing. |
| project | text | `=`, `!=`, `~~`, `~~*`, `!~~`, `!~~*` | The GCP Project in which the resource is located. |
| sp_connection_name | text | `=`, `!=`, `~~`, `~~*`, `!~~`, `!~~*` | Steampipe connection name. |
| sp_ctx | jsonb | | Steampipe context in JSON form. |
| title | text | | Title of the resource. |
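The iam_policy column described in the schema can be unpacked to audit who holds roles on each key ring. The query below is an added example, not one from the plugin documentation; it uses Postgres JSON functions and assumes the policy JSON carries the `bindings`, `members`, `role` and `condition` keys named in the column description. It lists every binding that grants a role to the public principals `allUsers` or `allAuthenticatedUsers`.

```sql
-- Added example (Postgres syntax), not part of the plugin documentation.
-- Expands iam_policy -> 'bindings' into one row per (key ring, role, member)
-- and keeps only bindings granted to public principals.
select
  kr.name,
  kr.project,
  kr.location,
  b ->> 'role' as role,
  m as member,
  -- true when the binding is limited by an IAM condition expression
  ((b -> 'condition') is not null) as has_condition
from
  gcp_kms_key_ring as kr,
  -- coalesce: a key ring with no bindings yields an empty array, not an error
  jsonb_array_elements(coalesce(kr.iam_policy -> 'bindings', '[]'::jsonb)) as b,
  jsonb_array_elements_text(coalesce(b -> 'members', '[]'::jsonb)) as m
where
  m in ('allUsers', 'allAuthenticatedUsers')
order by
  kr.project,
  kr.name,
  role;
```

An empty result means no key ring in the connected projects has a binding to a public principal at the key ring level; bindings set on individual keys or inherited from the project are not visible in this table.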

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- gcp

You can pass the configuration to the command with the --config argument:

steampipe_export_gcp --config '<your_config>' gcp_kms_key_ring