Google API Key

Description

General

• Documentation: https://cloud.google.com/docs/authentication/api-keys
• Summary: Google API key is used to authenticate requests to any Google API (such as Maps for instance). Although these API keys don't give access to personal or sensitive data, exposing them can result in quota theft and unauthorized usage.
• IPs allowlist: Some limitations can be added to each API key. See documentation for more details.
• Scopes: Scopes can be finely configured for each API key. See documentation for more details.

Revoke the secret

Existing keys can be managed from the console.

Check for suspicious activity

API key usage in the past 30 days can be monitored from the Google console.

Details for Googleaiza

• Family: Api

• Category: Cloud Provider

• Company: Google

• High recall: True

• Validity check available: True

• On-premise instances exist: False

• Only valid secrets raise an alert: False

• Minimum number of matches: 1

• Occurrences found for one million commits: 1226.16

• Prefixed: True

• PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions:
    - ^(cs|x|p|s|r)?html5?~?$
  banlist_filenames:
    - (?i)googleservice-info
    - google-services
  check_binaries: false
  include_default_banlist_extensions: false
  ban_markup: false
- type: ContentWhitelistPreValidator
  patterns:
    - aiza

Examples

- text: |
    key = AIzaSy0c3965368a6b10f7640dbda46abfdca98
  apikey: AIzaSy0c3965368a6b10f7640dbda46abfdca98

- text: |
    googleMapsKey = AIzaSy0c3965368a6b10f7640dbda46abfdca98
    request(coords, googleMapsKey)
    # some really interesting stuff about code and stuff and code
    firebaseConfig
  apikey: AIzaSy0c3965368a6b10f7640dbda46abfdca98