💼 1.13 Ensure API Keys Are Restricted To Use by Only Specified Hosts and Apps - Level 2 (Manual)

ID: /frameworks/cis-gcp-v2.0.0/01/13

Description

API Keys should only be used for services in cases where other authentication methods are unavailable. In this case, unrestricted keys are insecure because they can be viewed publicly, such as from within a browser, or they can be accessed on a device where the key resides. It is recommended to restrict API key usage to trusted hosts, HTTP referrers and apps. It is recommended to use the more secure standard authentication flow instead.

Similar

Sections
- /frameworks/cis-gcp-v3.0.0/01/13
- /frameworks/cis-gcp-v1.3.0/01/13
Internal
- ID: dec-c-a6c67529

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 CIS GCP v1.3.0 → 💼 1.13 Ensure API Keys Are Restricted To Use by Only Specified Hosts and Apps - Level 1 (Manual)			1		no data
💼 CIS GCP v3.0.0 → 💼 1.13 Ensure API Keys Are Restricted To Use by Only Specified Hosts and Apps - Level 2 (Manual)			1		no data

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 CIS GCP v1.3.0 → 💼 1.13 Ensure API Keys Are Restricted To Use by Only Specified Hosts and Apps - Level 1 (Manual)			1		no data
💼 CIS GCP v3.0.0 → 💼 1.13 Ensure API Keys Are Restricted To Use by Only Specified Hosts and Apps - Level 2 (Manual)			1		no data

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance

Policies (1)

Policy	Logic Count	Flags	Compliance
🛡️ Google API Key is not restricted for unspecified hosts and apps🟢⚪		🟢 x2, ⚪ x1	no data

Description​

Similar​

Similar Sections (Take Policies From)​

Similar Sections (Give Policies To)​

Sub Sections​

Policies (1)​