💼 1.13 Ensure API Keys Are Restricted To Use by Only Specified Hosts and Apps - Level 2 (Manual)

ID: /frameworks/cis-gcp-v3.0.0/01/13

Description

API Keys should only be used for services in cases where other authentication methods are unavailable. In this case, unrestricted keys are insecure because they can be viewed publicly, such as from within a browser, or they can be accessed on a device where the key resides. It is recommended to restrict API key usage to trusted hosts, HTTP referrers and apps. It is recommended to use the more secure standard authentication flow instead.

Similar

Sections
- /frameworks/cis-gcp-v2.0.0/01/13
Internal
- ID: dec-c-231f1cb0

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 CIS GCP v2.0.0 → 💼 1.13 Ensure API Keys Are Restricted To Use by Only Specified Hosts and Apps - Level 2 (Manual)			1		no data

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 CIS GCP v2.0.0 → 💼 1.13 Ensure API Keys Are Restricted To Use by Only Specified Hosts and Apps - Level 2 (Manual)			1		no data

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance

Policies (1)

Policy	Logic Count	Flags	Compliance
🛡️ Google API Key is not restricted for unspecified hosts and apps🟢⚪		🟢 x2, ⚪ x1	no data

Description​

Similar​

Similar Sections (Take Policies From)​

Similar Sections (Give Policies To)​

Sub Sections​

Policies (1)​