gcp_compliance

GCP Compliance

API keys are best reserved for situations where no alternative authentication methods are available. Within a project, there may be lingering, unused keys that still retain their permissions. The inherent insecurity of keys arises from their susceptibility to public exposure, either through web browsers or when residing on a device. It is advisable to prioritize the adoption of conventional authentication mechanisms over the reliance on API keys.

project_no_api_key

nist_800_53_rev_5_pl_8

Information Security Architecture (PL-8)

nist_csf_v10_pr_ip_2

PR.IP-2

all_controls_project

Project

nist_800_53_rev_5_sa_8

Security Engineering Principles (SA-8)

Project should not have use api keys

Run individual configuration, compliance and security controls or full compliance benchmarks for CIS, Forseti Security and CFT Scorecard across all your GCP projects using Powerpipe and Steampipe.

Apache License 2.0

steampipe-mod-gcp-compliance

Control: Project should not have use api keys

Description

Usage

SQL

Tags