Remediation
From Google Cloud CLIβ
-
List all Cloud KMS
cryptokeys.gcloud kms keys list \
--keyring={{key-ring-name}} \
--location=global \
--format=json | jq '.[].name' -
Remove the IAM policy bindings to revoke access for
allUsersandallAuthenticatedUsersby running the following commands.gcloud kms keys remove-iam-policy-binding {{key-name}} \
--keyring={{key-ring-name}} \
--location=global \
--member='allAuthenticatedUsers' \
--role='{{role}}'gcloud kms keys remove-iam-policy-binding {{key-name}} \
--keyring={{key-ring-name}} \
--location=global \
--member='allUsers' \
--role='{{role}}'