Skip to main content
Sign Up

Google Cloud Keys

Description

General

  • Documentation: https://cloud.google.com/iam/docs/
  • Summary: Google Cloud Platform provides resources to help clients process and store data on a cloud. On top of that, Google Cloud Platform also gives to developers tools to develop and host web applications. This detector focuses on detecting Google cloud service account keys. These keys allow a server to make authenticated API calls to the Google Cloud Platform. With appropriate scopes full control of the concerned Google Cloud infrastructure can be obtained.
  • IPs allowlist: As of the time of writing this documentation, this feature is not yet supported.
  • Scopes: Scopes can be set with IAM roles definition (see here).

Revoke the secret

A secret can be revoked via the API or from the GCP console. See the documentation for more details.

Check for suspicious activity

Access logs are available for most operations. See the Google documentation for more details.

Details for Googlecloud

  • Family: Api

  • Category: Cloud Provider

  • Company: Google Cloud Platform

  • High recall: False

  • Validity check available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 4

  • Occurrences found for one million commits: 918.46

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: true
- type: ContentWhitelistPreValidator
  patterns:
    - project_id
    - private_key_id
    - private_key

Examples

- text: |
    client_email=secrets@gitguardian.iam.gserviceaccount.com
    project_id=red-button-project
    private_key_id=a8dba6e69ae6576c0673b175a2dd30a4d35425f8
    private_key=-----BEGIN PRIVATE KEY-----MIIDAOIZJDOIaozijdoiajzdj876DAOIZJDOIaozijdoiajzdj876DAOIZJDOIaozijdoiajzdj876DAOIZJDOIaozijdoiajzdj876DAOIZJDOIaozijdoiajzdj876-----END PRIVATE KEY-----
  client_id: secrets@gitguardian.iam.gserviceaccount.com
  project_id: red-button-project
  private_key_id: a8dba6e69ae6576c0673b175a2dd30a4d35425f8
  private_key: -----BEGIN PRIVATE KEY-----MIIDAOIZJDOIaozijdoiajzdj876DAOIZJDOIaozijdoiajzdj876DAOIZJDOIaozijdoiajzdj876DAOIZJDOIaozijdoiajzdj876DAOIZJDOIaozijdoiajzdj876-----END PRIVATE KEY-----
- text: |
    {
      "type": "service_account",
      "project_id": "green-button-project",
      "private_key_id": "f5fad24f9ed02e032fcd6b78623d1a8823123abc",
      "private_key": "-----BEGIN PRIVATE KEY-----\nMIICXQIBAAKBgQCpoq2EpZRNUAT47NmVbAn6L56PMjU2hFgL4P9RrnTnKwEi3rKq\nQJV/330dm6otDWwhGCqgv9jzOAsjJozTCr/mFaRYenzg9lUWPORziUeTOeUPK2fS\nJAZt35bJojVNA3dUhr+qSsvu74v2cD7hhb9rw96EpWaqiXXswF+j+fiCTwIDAQAB\nAoGANkCw/ht2ssNE09fsPr2u8zUHoQSNwEHTZvkurxD8knJOirhuq8S8C4mOmkmO\nw5nnWy4/c+nnmOHzrepGX7iwZoB4Ig+NlShho2WrUvcu6S/DmtHBcCWvuWxpj/OU\ngnn6x1QpF+AzL3tm29Uwidjci/+V4yxq9p/3Q+m089GruAECQQDSPJXpdXpVSVBK\n9TyPccYpWRAXisHv1m0b6kUTqFO6kjMm1gCRH3p/rnCrpiUORSfGEVwk3lFJvzSv\noFdpcl3hAkEAzo+YQw+NDc/UtSyqokOfWkJjp0F8YSK5rcAarJdBzdBmXu40wC7N\nwtdgS60SVi2aBfxqhp0GpfGwPJvDTIYGLwJAIvQPuJDfle5qewvq1a6E07sLAd7/\n/3AXE90PPwVtZkeIWZya24XwR+oosWEeKBE3W6bnOvn7addwWwK9hbqOAQJBALnt\n2SFr6wymqZFXHlSmx9Zn8emIcZvBtR7nz1rRX+MRlkQW6Jagyod6dGxJ4jp+G6kN\ntxlqWKSgc4Fqt5W3AfMCQQCibgU+7SGwXgWPDILCUp8ZcHbDsvmNGzIEt91bO/Jx\nA25IHS03kc5ARosuNympZkOhPEotsnbdNkRdDZsVhTWn\n-----END PRIVATE KEY-----\n",
      "client_email": "secrets@gitguardian.iam.gserviceaccount.com",
      "client_id": "111135331340794001234",
      "auth_uri": "https://accounts.google.com/o/oauth2/auth",
      "token_uri": "https://oauth2.googleapis.com/token",
      "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
      "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/green-button-project%40secrets@gitguardian.iam.gserviceaccount.com"
    }
  client_id: secrets@gitguardian.iam.gserviceaccount.com
  project_id: green-button-project
  private_key_id: f5fad24f9ed02e032fcd6b78623d1a8823123abc
  private_key: -----BEGIN PRIVATE KEY-----\nMIICXQIBAAKBgQCpoq2EpZRNUAT47NmVbAn6L56PMjU2hFgL4P9RrnTnKwEi3rKq\nQJV/330dm6otDWwhGCqgv9jzOAsjJozTCr/mFaRYenzg9lUWPORziUeTOeUPK2fS\nJAZt35bJojVNA3dUhr+qSsvu74v2cD7hhb9rw96EpWaqiXXswF+j+fiCTwIDAQAB\nAoGANkCw/ht2ssNE09fsPr2u8zUHoQSNwEHTZvkurxD8knJOirhuq8S8C4mOmkmO\nw5nnWy4/c+nnmOHzrepGX7iwZoB4Ig+NlShho2WrUvcu6S/DmtHBcCWvuWxpj/OU\ngnn6x1QpF+AzL3tm29Uwidjci/+V4yxq9p/3Q+m089GruAECQQDSPJXpdXpVSVBK\n9TyPccYpWRAXisHv1m0b6kUTqFO6kjMm1gCRH3p/rnCrpiUORSfGEVwk3lFJvzSv\noFdpcl3hAkEAzo+YQw+NDc/UtSyqokOfWkJjp0F8YSK5rcAarJdBzdBmXu40wC7N\nwtdgS60SVi2aBfxqhp0GpfGwPJvDTIYGLwJAIvQPuJDfle5qewvq1a6E07sLAd7/\n/3AXE90PPwVtZkeIWZya24XwR+oosWEeKBE3W6bnOvn7addwWwK9hbqOAQJBALnt\n2SFr6wymqZFXHlSmx9Zn8emIcZvBtR7nz1rRX+MRlkQW6Jagyod6dGxJ4jp+G6kN\ntxlqWKSgc4Fqt5W3AfMCQQCibgU+7SGwXgWPDILCUp8ZcHbDsvmNGzIEt91bO/Jx\nA25IHS03kc5ARosuNympZkOhPEotsnbdNkRdDZsVhTWn\n-----END PRIVATE KEY-----
- text: |
    {
      "type": "service_account",
      "project_id": "green-button-project",
      "private_key_id": "f5fad24f9ed02e032fcd6b78623d1a8823123abc",
      "private_key": "-----BEGIN PRIVATE KEY-----\nMIICXQIBAAKBgQCpoq2EpZRNUAT47NmVbAn6L56PMjU2hFgL4P9RrnTnKwEi3rKq\nQJV/330dm6otDWwhGCqgv9jzOAsjJozTCr/mFaRYenzg9lUWPORziUeTOeUPK2fS\nJAZt35bJojVNA3dUhr+qSsvu74v2cD7hhb9rw96EpWaqiXXswF+j+fiCTwIDAQAB\nAoGANkCw/ht2ssNE09fsPr2u8zUHoQSNwEHTZvkurxD8knJOirhuq8S8C4mOmkmO\nw5nnWy4/c+nnmOHzrepGX7iwZoB4Ig+NlShho2WrUvcu6S/DmtHBcCWvuWxpj/OU\ngnn6x1QpF+AzL3tm29Uwidjci/+V4yxq9p/3Q+m089GruAECQQDSPJXpdXpVSVBK\n9TyPccYpWRAXisHv1m0b6kUTqFO6kjMm1gCRH3p/rnCrpiUORSfGEVwk3lFJvzSv\noFdpcl3hAkEAzo+YQw+NDc/UtSyqokOfWkJjp0F8YSK5rcAarJdBzdBmXu40wC7N\nwtdgS60SVi2aBfxqhp0GpfGwPJvDTIYGLwJAIvQPuJDfle5qewvq1a6E07sLAd7/\n/3AXE90PPwVtZkeIWZya24XwR+oosWEeKBE3W6bnOvn7addwWwK9hbqOAQJBALnt\n2SFr6wymqZFXHlSmx9Zn8emIcZvBtR7nz1rRX+MRlkQW6Jagyod6dGxJ4jp+G6kN\ntxlqWKSgc4Fqt5W3AfMCQQCibgU+7SGwXgWPDILCUp8ZcHbDsvmNGzIEt91bO/Jx\nA25IHS03kc5ARosuNympZkOhPEotsnbdNkRdDZsVhTWn\n-----END PRIVATE KEY-----\n",
      "client_email": "1233255797434580-compute@gitguardian.iam.gserviceaccount.com",
      "client_id": "111135331340794001234",
      "auth_uri": "https://accounts.google.com/o/oauth2/auth",
      "token_uri": "https://oauth2.googleapis.com/token",
      "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
      "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/green-button-project%40secrets@gitguardian.iam.gserviceaccount.com"
    }
  client_id: 1233255797434580-compute@gitguardian.iam.gserviceaccount.com
  project_id: green-button-project
  private_key_id: f5fad24f9ed02e032fcd6b78623d1a8823123abc
  private_key: -----BEGIN PRIVATE KEY-----\nMIICXQIBAAKBgQCpoq2EpZRNUAT47NmVbAn6L56PMjU2hFgL4P9RrnTnKwEi3rKq\nQJV/330dm6otDWwhGCqgv9jzOAsjJozTCr/mFaRYenzg9lUWPORziUeTOeUPK2fS\nJAZt35bJojVNA3dUhr+qSsvu74v2cD7hhb9rw96EpWaqiXXswF+j+fiCTwIDAQAB\nAoGANkCw/ht2ssNE09fsPr2u8zUHoQSNwEHTZvkurxD8knJOirhuq8S8C4mOmkmO\nw5nnWy4/c+nnmOHzrepGX7iwZoB4Ig+NlShho2WrUvcu6S/DmtHBcCWvuWxpj/OU\ngnn6x1QpF+AzL3tm29Uwidjci/+V4yxq9p/3Q+m089GruAECQQDSPJXpdXpVSVBK\n9TyPccYpWRAXisHv1m0b6kUTqFO6kjMm1gCRH3p/rnCrpiUORSfGEVwk3lFJvzSv\noFdpcl3hAkEAzo+YQw+NDc/UtSyqokOfWkJjp0F8YSK5rcAarJdBzdBmXu40wC7N\nwtdgS60SVi2aBfxqhp0GpfGwPJvDTIYGLwJAIvQPuJDfle5qewvq1a6E07sLAd7/\n/3AXE90PPwVtZkeIWZya24XwR+oosWEeKBE3W6bnOvn7addwWwK9hbqOAQJBALnt\n2SFr6wymqZFXHlSmx9Zn8emIcZvBtR7nz1rRX+MRlkQW6Jagyod6dGxJ4jp+G6kN\ntxlqWKSgc4Fqt5W3AfMCQQCibgU+7SGwXgWPDILCUp8ZcHbDsvmNGzIEt91bO/Jx\nA25IHS03kc5ARosuNympZkOhPEotsnbdNkRdDZsVhTWn\n-----END PRIVATE KEY-----

Something we didn’t cover?

See our Roadmap

Subscribe on GitHub

Submit a request

API status

How can I help you ?