gcp_compliance

GCP Compliance

Unrestricted keys are insecure because they can be viewed publicly, such as from within a browser, or they can be accessed on a device where the key resides. It is recommended to restrict API key usage to trusted hosts, HTTP referrers and apps.

iam_api_key_restricts_websites_hosts_apps

all_controls_iam

Ensure API keys are restricted to use by only specified Hosts and Apps

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, Forseti Security and CFT Scorecard across all your GCP projects using Powerpipe and Steampipe.

Control: Ensure API keys are restricted to use by only specified Hosts and Apps

Description

Usage

SQL

Tags