Skip to content

Google API Key

Service Name: Google Cloud Platform (GCP)

Service Description: Google Cloud Platform (GCP) is a suite of cloud computing services that runs on the same infrastructure that Google uses internally for its end-user products. It provides a range of services including computing, data storage, data analytics, and machine learning.

Service Address: https://cloud.google.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the API key level through the Google Cloud Console.

Secret Access Scope: Grants access to specific Google Cloud APIs and services based on the permissions configured for the key. Can be used for services like Maps, Geocoding, Places, and other Google APIs.

Secret Revokement URL: https://console.cloud.google.com/apis/credentials

Secret Example: AIzaSyC2PXhGq0XYXXXXxxxxxXXXXXXXXXXXX

Suspicious Activity Investigation Instructions:

  • Review the Google Cloud Console audit logs for unusual API calls or usage patterns.
  • Check the API key usage metrics in the Google Cloud Console to identify unexpected spikes in usage.
  • Verify which services and APIs the key has been used to access.
  • Review the IP addresses that have been using the API key.
  • Check for any unauthorized projects or resources created using the compromised key.

Mitigation Instructions:

  • Immediately restrict or delete the compromised API key in the Google Cloud Console.
  • Navigate to https://console.cloud.google.com/apis/credentials.
  • Locate the affected API key in the list.
  • Click on the key to view its details.
  • Click "Delete" to remove the key or use "Restrict" to limit its usage.
  • Create a new API key with appropriate restrictions:
  • Set application restrictions (HTTP referrers, IP addresses, or Android/iOS apps)
  • Set API restrictions to limit which APIs the key can access
  • Update all applications and services to use the new, properly restricted API key.
  • Monitor the usage of the new key to ensure it's being used as expected.