gcp_apikeys_keygcp_audit_policygcp_bigquery_datasetgcp_bigquery_jobgcp_bigquery_tablegcp_bigtable_instancegcp_cloudfunctions_functiongcp_compute_addressgcp_compute_autoscalergcp_compute_backend_bucketgcp_compute_backend_servicegcp_compute_diskgcp_compute_disk_metric_read_opsgcp_compute_disk_metric_read_ops_dailygcp_compute_disk_metric_read_ops_hourlygcp_compute_disk_metric_write_opsgcp_compute_disk_metric_write_ops_dailygcp_compute_disk_metric_write_ops_hourlygcp_compute_firewallgcp_compute_forwarding_rulegcp_compute_global_addressgcp_compute_global_forwarding_rulegcp_compute_ha_vpn_gatewaygcp_compute_imagegcp_compute_instancegcp_compute_instance_groupgcp_compute_instance_metric_cpu_utilizationgcp_compute_instance_metric_cpu_utilization_dailygcp_compute_instance_metric_cpu_utilization_hourlygcp_compute_instance_templategcp_compute_machine_typegcp_compute_networkgcp_compute_node_groupgcp_compute_node_templategcp_compute_project_metadatagcp_compute_regiongcp_compute_resource_policygcp_compute_routegcp_compute_routergcp_compute_snapshotgcp_compute_ssl_policygcp_compute_subnetworkgcp_compute_target_https_proxygcp_compute_target_poolgcp_compute_target_ssl_proxygcp_compute_target_vpn_gatewaygcp_compute_url_mapgcp_compute_vpn_tunnelgcp_compute_zonegcp_dataproc_clustergcp_dns_managed_zonegcp_dns_policygcp_dns_record_setgcp_iam_policygcp_iam_rolegcp_kms_keygcp_kms_key_ringgcp_kms_key_versiongcp_kubernetes_clustergcp_kubernetes_node_poolgcp_logging_bucketgcp_logging_exclusiongcp_logging_metricgcp_logging_sinkgcp_monitoring_alert_policygcp_monitoring_groupgcp_monitoring_notification_channelgcp_organizationgcp_projectgcp_project_organization_policygcp_project_servicegcp_pubsub_snapshotgcp_pubsub_subscriptiongcp_pubsub_topicgcp_service_accountgcp_service_account_keygcp_sql_backupgcp_sql_databasegcp_sql_database_instancegcp_sql_database_instance_metric_connectionsgcp_sql_database_instance_metric_connections_dailygcp_sql_database_instance_metric_connections_hourlygcp_sql_database_instance_metric_cpu_utilizationgcp_sql_database_instance_metric_cpu_utilization_dailygcp_sql_database_instance_metric_cpu_utilization_hourlygcp_storage_bucket
Table: gcp_service_account_key
Service Account Keys are public/private RSA key pairs which are used to authenticate to Google Cloud APIs.
Examples
List of service accounts using user managed keys
select service_account_name as service_account, title, key_typefrom gcp_service_account_keywhere key_type = 'USER_MANAGED';Validity time for the service account keys
select title, service_account_name as service_account, valid_after_time, valid_before_timefrom gcp_service_account_key;Get public key data for a service account key
select name, key_type, key_origin, public_key_data_raw, public_key_data_pemfrom gcp_service_account_keywhere service_account_name = 'test@myproject.iam.gserviceaccount.com';Query examples
- iam_service_account_keys_for_iam_service_account
- iam_storage_account_keys
- service_account_key_1_year_count
- service_account_key_24_hours_count
- service_account_key_30_90_days_count
- service_account_key_30_days_count
- service_account_key_90_365_days_count
- service_account_key_age_table
- service_account_key_count
.inspect gcp_service_account_key
GCP Service Account Key
| Name | Type | Description |
|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. |
| akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. |
| key_algorithm | text | Specifies the algorithm (and possibly key size) for the key. |
| key_origin | text | Specifies the origin of the key. |
| key_type | text | The type of the service account key. |
| location | text | The GCP multi-region, region, or zone in which the resource is located. |
| name | text | The friendly name that identifies the service account key. |
| project | text | The GCP Project in which the resource is located. |
| public_key_data_pem | text | Specifies the public key data in PEM format. |
| public_key_data_raw | text | Specifies the public key data in raw format. |
| service_account_name | text | Service account in which the key is located. |
| title | text | Title of the resource. |
| valid_after_time | timestamp with time zone | Specifies the timestamp, after which the key can be used. |
| valid_before_time | timestamp with time zone | Specifies the timestamp, after which the key gets invalid. |