Remediation
From Google Cloud CLIβ
-
List all Cloud KMS
Cryptokeys.gcloud kms keys list --keyring=[key_ring_name] --location=global --format=json | jq '.[].name'
-
Remove IAM policy binding for a KMS key to remove access to
allUsersandallAuthenticatedUsersusing the below command.gcloud kms keys remove-iam-policy-binding [key_name] --keyring=[key_ring_name] --location=global --member='allAuthenticatedUsers' --role='[role]'
gcloud kms keys remove-iam-policy-binding [key_name] --keyring=[key_ring_name] --location=global --member='allUsers' --role='[role]'