💼 1.12 Ensure API Keys Only Exist for Active Services - Level 2 (Automated)

ID: /frameworks/cis-gcp-v3.0.0/01/12

Description

API Keys should only be used for services in cases where other authentication methods are unavailable. Unused keys with their permissions in tact may still exist within a project. Keys are insecure because they can be viewed publicly, such as from within a browser, or they can be accessed on a device where the key resides. It is recommended to use standard authentication flow instead.

Similar

Sections
- /frameworks/cis-gcp-v2.0.0/01/12
Internal
- ID: dec-c-377e5434

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 CIS GCP v2.0.0 → 💼 1.12 Ensure API Keys Only Exist for Active Services - Level 2 (Automated)			1		no data

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 CIS GCP v2.0.0 → 💼 1.12 Ensure API Keys Only Exist for Active Services - Level 2 (Automated)			1		no data

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance

Policies (1)

Policy	Logic Count	Flags	Compliance
🛡️ Google Project has API Keys🟢	1	🟠 x1, 🟢 x5	no data

Description​

Similar​

Similar Sections (Take Policies From)​

Similar Sections (Give Policies To)​

Sub Sections​

Policies (1)​