Skip to main content

Google Cloud Keys

Description#

General#

  • Documentation: https://cloud.google.com/iam/docs/
  • Summary: Google Cloud Platform provides resources to help clients process and store data on a cloud. On top of that, Google Cloud Platform also gives to developers tools to develop and host web applications. This detector focuses on detecting Google cloud service account keys. These keys allow a server to make authenticated API calls to the Google Cloud Platform. With appropriate scopes full control of the concerned Google Cloud infrastructure can be obtained.
  • IPs allowlist: As of the time of writing this documentation, this feature is not yet supported.
  • Scopes: Scopes can be set with IAM roles definition (see here).

Revoke the secret#

A secret can be revoked via the API or from the GCP console. See the documentation for more details.

Check for suspicious activity#

Access logs are available for most operations. See the Google documentation for more details.

Details for Googlecloud#

  • Family: Api

  • Category: Cloud Provider

  • Company: Google Cloud Platform

  • High recall: False

  • Validity check available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 4

  • Occurrences found for one million commits: 918.46

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator  banlist_extensions: []  banlist_filenames: []  check_binaries: false  include_default_banlist_extensions: true  ban_markup: true- type: ContentWhitelistPreValidator  patterns:  - project_id  - private_key_id  - private_key

Examples#

- text: |    client_email=secrets@gitguardian.iam.gserviceaccount.com    project_id=red-button-project    private_key_id=a8dba6e69ae6576c0673b175a2dd30a4d35425f8    private_key=-----BEGIN PRIVATE KEY-----MIIDAOIZJDOIaozijdoiajzdj876DAOIZJDOIaozijdoiajzdj876DAOIZJDOIaozijdoiajzdj876DAOIZJDOIaozijdoiajzdj876DAOIZJDOIaozijdoiajzdj876-----END PRIVATE KEY-----  client_id: secrets@gitguardian.iam.gserviceaccount.com  project_id: red-button-project  private_key_id: a8dba6e69ae6576c0673b175a2dd30a4d35425f8  private_key: -----BEGIN PRIVATE KEY-----MIIDAOIZJDOIaozijdoiajzdj876DAOIZJDOIaozijdoiajzdj876DAOIZJDOIaozijdoiajzdj876DAOIZJDOIaozijdoiajzdj876DAOIZJDOIaozijdoiajzdj876-----END PRIVATE KEY------ text: |    {      "type": "service_account",      "project_id": "green-button-project",      "private_key_id": "f5fad24f9ed02e032fcd6b78623d1a8823123abc",      "private_key": "-----BEGIN PRIVATE KEY-----\nMIICXQIBAAKBgQCpoq2EpZRNUAT47NmVbAn6L56PMjU2hFgL4P9RrnTnKwEi3rKq\nQJV/330dm6otDWwhGCqgv9jzOAsjJozTCr/mFaRYenzg9lUWPORziUeTOeUPK2fS\nJAZt35bJojVNA3dUhr+qSsvu74v2cD7hhb9rw96EpWaqiXXswF+j+fiCTwIDAQAB\nAoGANkCw/ht2ssNE09fsPr2u8zUHoQSNwEHTZvkurxD8knJOirhuq8S8C4mOmkmO\nw5nnWy4/c+nnmOHzrepGX7iwZoB4Ig+NlShho2WrUvcu6S/DmtHBcCWvuWxpj/OU\ngnn6x1QpF+AzL3tm29Uwidjci/+V4yxq9p/3Q+m089GruAECQQDSPJXpdXpVSVBK\n9TyPccYpWRAXisHv1m0b6kUTqFO6kjMm1gCRH3p/rnCrpiUORSfGEVwk3lFJvzSv\noFdpcl3hAkEAzo+YQw+NDc/UtSyqokOfWkJjp0F8YSK5rcAarJdBzdBmXu40wC7N\nwtdgS60SVi2aBfxqhp0GpfGwPJvDTIYGLwJAIvQPuJDfle5qewvq1a6E07sLAd7/\n/3AXE90PPwVtZkeIWZya24XwR+oosWEeKBE3W6bnOvn7addwWwK9hbqOAQJBALnt\n2SFr6wymqZFXHlSmx9Zn8emIcZvBtR7nz1rRX+MRlkQW6Jagyod6dGxJ4jp+G6kN\ntxlqWKSgc4Fqt5W3AfMCQQCibgU+7SGwXgWPDILCUp8ZcHbDsvmNGzIEt91bO/Jx\nA25IHS03kc5ARosuNympZkOhPEotsnbdNkRdDZsVhTWn\n-----END PRIVATE KEY-----\n",      "client_email": "secrets@gitguardian.iam.gserviceaccount.com",      "client_id": "111135331340794001234",      "auth_uri": "https://accounts.google.com/o/oauth2/auth",      "token_uri": "https://oauth2.googleapis.com/token",      "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",      "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/green-button-project%40secrets@gitguardian.iam.gserviceaccount.com"    }  client_id: secrets@gitguardian.iam.gserviceaccount.com  project_id: green-button-project  private_key_id: f5fad24f9ed02e032fcd6b78623d1a8823123abc  private_key: -----BEGIN PRIVATE KEY-----\nMIICXQIBAAKBgQCpoq2EpZRNUAT47NmVbAn6L56PMjU2hFgL4P9RrnTnKwEi3rKq\nQJV/330dm6otDWwhGCqgv9jzOAsjJozTCr/mFaRYenzg9lUWPORziUeTOeUPK2fS\nJAZt35bJojVNA3dUhr+qSsvu74v2cD7hhb9rw96EpWaqiXXswF+j+fiCTwIDAQAB\nAoGANkCw/ht2ssNE09fsPr2u8zUHoQSNwEHTZvkurxD8knJOirhuq8S8C4mOmkmO\nw5nnWy4/c+nnmOHzrepGX7iwZoB4Ig+NlShho2WrUvcu6S/DmtHBcCWvuWxpj/OU\ngnn6x1QpF+AzL3tm29Uwidjci/+V4yxq9p/3Q+m089GruAECQQDSPJXpdXpVSVBK\n9TyPccYpWRAXisHv1m0b6kUTqFO6kjMm1gCRH3p/rnCrpiUORSfGEVwk3lFJvzSv\noFdpcl3hAkEAzo+YQw+NDc/UtSyqokOfWkJjp0F8YSK5rcAarJdBzdBmXu40wC7N\nwtdgS60SVi2aBfxqhp0GpfGwPJvDTIYGLwJAIvQPuJDfle5qewvq1a6E07sLAd7/\n/3AXE90PPwVtZkeIWZya24XwR+oosWEeKBE3W6bnOvn7addwWwK9hbqOAQJBALnt\n2SFr6wymqZFXHlSmx9Zn8emIcZvBtR7nz1rRX+MRlkQW6Jagyod6dGxJ4jp+G6kN\ntxlqWKSgc4Fqt5W3AfMCQQCibgU+7SGwXgWPDILCUp8ZcHbDsvmNGzIEt91bO/Jx\nA25IHS03kc5ARosuNympZkOhPEotsnbdNkRdDZsVhTWn\n-----END PRIVATE KEY-----