GCP Functions

Step 1: Locate the Exposed Token with SailPoint Entro Platform
Use the link provided by SailPoint Entro to navigate directly to access GCP Functions where the token was exposed.

Identify the affected function by selecting it and reviewing the function’s code and environment variables to find where the sensitive data is located.
Step 2: Revoke Rotate and remove the Exposed Token
To remediate the issue, use the RIGOR workflow:
-
Redact Sensitive Information: In the Cloud Console, select the affected function and click on Edit. Remove the exposed token in the code and any environment variables with references to securely stored tokens.
-
Inform the owner about the token exposure so that the practice is not repeated.
-
Generate a new token if necessary and ensure it is securely vaulted, avoiding exposure in scripts, pipeline configurations, or environment settings.
-
Organize and take notes throughout this process as they will be necessary for a future root cause analysis, response plans, etc...
-
Revoke any exposed tokens through the issuing service based on the token type provided by SailPoint Entro. Refer to Key Rotation Best Practices.
Step 3 (optional): Use Google Secret Manager for Sensitive Data
Navigate to Secret Manager in the Google Cloud Console and Create a Secret to securely store the sensitive information.
Assign appropriate permissions, such as Secret Manager Secret Accessor, to the service account used by your Cloud Function, allowing it to access the stored secrets.
Step 4: Audit Access
Review audit logs in Google Cloud to ensure that no unauthorized access occurred while the token was exposed.
Step 5: Monitor
Enable monitoring and set up alerts to notify you of any unusual activity related to the function or access to sensitive data.
How to Remove a SailPoint Entro Exposed Risk from Google Cloud Functions
If SailPoint Entro identifies a risk in your Google Cloud Function, act swiftly to eliminate the threat and secure your application. Follow these steps to manage the exposure and protect sensitive information:

Step 1: Locate the Exposed Token with SailPoint Entro Platform

-
Access Cloud Functions by using the link to navigate directly to the exposed location in Google Cloud Platform (GCP).
-
Identify the affected function by selecting it and reviewing the function’s code and environment variables to find where the sensitive data is located.

Step 2: Revoke or Rotate the Exposed Token
-
Revoke the exposed token immediately through the issuing service, such as an API management tool or OAuth provider.
-
If the token is still required, generate a new one and ensure it is securely stored, avoiding exposure in code or environment variables.
Step 3: Rotate the Token in the Cloud Function
-
In the Cloud Console, select the affected function and click on Edit. Replace the exposed token in the code and any environment variables with references to securely stored tokens.
-
Scroll down to the “Runtime, build, connections, and security settings” section, expand the “Environment variables” section, and rotate any entries containing the exposed token.
-
Save the changes and redeploy the function to apply the updates with the rotated token.
Step 4: Use Google Secret Manager for Sensitive Data
-
Navigate to Secret Manager in the Google Cloud Console and click on Create Secret to securely store the sensitive information.
-
Assign appropriate permissions, such as Secret Manager Secret Accessor, to the service account used by your Cloud Function, enabling it to access the stored secrets.
Step 5: Update the Function to Access Secrets Securely
-
Update the function settings to access sensitive data from Secret Manager rather than using hard-coded values or environment variables.
-
Redeploy the function to ensure it uses the securely stored data from Secret Manager.
Step 6: Audit and Monitor Access
-
Review audit logs in Google Cloud to ensure that no unauthorized access occurred while the token was exposed.
-
Enable monitoring and set up alerts to notify you of any unusual activity related to the function or access to sensitive data.
These steps will guide you in effectively managing the exposed token detected by SailPoint Entro and securing your Google Cloud Functions.
By following these steps, you can effectively remove the exposed token from your Google Cloud Function, secure your application, and implement best practices for handling sensitive information in the future.