Skip to main content

Google API Key

Description#

General#

  • Documentation: https://cloud.google.com/docs/authentication/api-keys
  • Summary: Google API key is used to authenticate requests to any Google API (such as Maps for instance). Although these API keys don't give access to personal or sensitive data, exposing them can result in quota theft and unauthorized usage.
  • IPs allowlist: Some limitations can be added to each API key. See documentation for more details.
  • Scopes: Scopes can be finely configured for each API key. See documentation for more details.

Revoke the secret#

Existing keys can be managed from the console.

Check for suspicious activity#

API key usage in the past 30 days can be monitored from the Google console.

Details for Googleaiza#

  • Category: Other

  • Company: Google

  • High recall: True

  • Validity check available: True

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 1176.9

  • Prefixed: True

  • PreValidators:

- type: FilenameBanlistPreValidator  banlist_extensions:  - ^(cs|x|p|s|r)?html5?~?$  - ^[aps]?cssc?~?$  - ^lock$  - ^mdx?~?$  - ^storyboard(c|er)?~?$  - ^xib$  banlist_filenames:  - google-services  - googleservice-info  check_binaries: false- type: ContentWhitelistPreValidator  patterns:  - aiza

Examples#

- text: >    key = AIzaSy0c3965368a6b10f7640dbda46abfdca98  apikey: AIzaSy0c3965368a6b10f7640dbda46abfdca98
- text: >    googleMapsKey = AIzaSy0c3965368a6b10f7640dbda46abfdca98    request(coords, googleMapsKey)    # some really interesting stuff about code and stuff and code    firebaseConfig  apikey: AIzaSy0c3965368a6b10f7640dbda46abfdca98