💼 1.13 Ensure API Keys Are Restricted To Use by Only Specified Hosts and Apps - Level 2 (Manual)

Contextual name: 💼 1.13 Ensure API Keys Are Restricted To Use by Only Specified Hosts and Apps - Level 2 (Manual)
ID: /frameworks/cis-gcp-v2.0.0/01/13
Located in: 💼 1 Identity and Access Management

Description

API Keys should only be used for services in cases where other authentication methods are unavailable. In this case, unrestricted keys are insecure because they can be viewed publicly, such as from within a browser, or they can be accessed on a device where the key resides. It is recommended to restrict API key usage to trusted hosts, HTTP referrers and apps. It is recommended to use the more secure standard authentication flow instead.

Similar

Sections
- /frameworks/cis-gcp-v3.0.0/01/13
- /frameworks/cis-gcp-v1.3.0/01/13
Internal
- ID: dec-c-a6c67529

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 CIS GCP v1.3.0 → 💼 1.13 Ensure API Keys Are Restricted To Use by Only Specified Hosts and Apps - Level 1 (Manual)			1
💼 CIS GCP v3.0.0 → 💼 1.13 Ensure API Keys Are Restricted To Use by Only Specified Hosts and Apps - Level 2 (Manual)			1

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 CIS GCP v1.3.0 → 💼 1.13 Ensure API Keys Are Restricted To Use by Only Specified Hosts and Apps - Level 1 (Manual)			1
💼 CIS GCP v3.0.0 → 💼 1.13 Ensure API Keys Are Restricted To Use by Only Specified Hosts and Apps - Level 2 (Manual)			1

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Policies (1)

Policy	Logic Count	Flags
📝 Google API Key is not restricted for unspecified hosts and apps 🟢		🟢 x3

Description​

Similar​

Similar Sections (Take Policies From)​

Similar Sections (Give Policies To)​

Sub Sections​

Policies (1)​