Skip to content

Google Cloud Storage HMAC Key

Service Name: Google Cloud Storage

Service Description: Google Cloud Storage is a RESTful online file storage web service for storing and accessing data on Google Cloud Platform infrastructure. It provides secure, durable, and highly-available object storage.

Service Address: https://cloud.google.com/storage

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the project level using VPC Service Controls or IAM conditions.

Secret Access Scope: HMAC keys grant access to Google Cloud Storage buckets and objects with the permissions defined by the service account associated with the key.

Secret Revokement URL: https://console.cloud.google.com/storage/settings;tab=interoperability

Secret Example: GOOG1EYAIQAFL63JSFPXJGQFCKWU2SKQGDWRFGPZXPZ5GKRY6EOFA3CBBZQ

Suspicious Activity Investigation Instructions:

  • Review Cloud Audit Logs for unusual storage access patterns or operations
  • Check for unexpected data transfers or downloads from your storage buckets
  • Monitor for unauthorized bucket or object creation, deletion, or modification
  • Examine access logs for requests from unusual geographic locations or IP addresses
  • Verify if there are any policy changes or permission modifications to your storage resources

Mitigation Instructions:

  • Immediately deactivate the compromised HMAC key in the Google Cloud

Console

  • Navigate to Cloud Storage > Settings > Interoperability tab
  • Find the compromised key and click "Deactivate"
  • Create a new HMAC key if needed with appropriate permissions
  • Review and update IAM permissions for the associated service account
  • Enable object versioning on critical buckets to protect against data loss
  • Consider implementing VPC Service Controls to restrict access to your storage

resources

  • Set up alerting for unusual storage access patterns or operations