๐ผ 1.12 Ensure API Keys Only Exist for Active Services - Level 2 (Automated)
- Contextual name: ๐ผ 1.12 Ensure API Keys Only Exist for Active Services - Level 2 (Automated)
- ID:
/frameworks/cis-gcp-v2.0.0/01/12 - Located in: ๐ผ 1 Identity and Access Management
Descriptionโ
API Keys should only be used for services in cases where other authentication methods are unavailable. Unused keys with their permissions in tact may still exist within a project. Keys are insecure because they can be viewed publicly, such as from within a browser, or they can be accessed on a device where the key resides. It is recommended to use standard authentication flow instead.
Similarโ
- Internal
- ID:
dec-c-47292234
- ID:
Sub Sectionsโ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|