Skip to content

Google (GCP) Private Key ID

Service Name: Google Cloud Platform

Service Description: Google Cloud Platform (GCP) is a suite of cloud computing services that runs on the same infrastructure that Google uses internally for its end-user products, offering a wide range of services including computing, data storage, data analytics, and machine learning.

Service Address: https://cloud.google.com/

GCP Private Key ID

  • Validation Type: NHI Enriched
  • IP Allow list: Does not exist
  • Secret Access Scope: Grants access to Google Cloud resources associated with the service account. The private key ID is part of a service account key that allows programmatic access to GCP services.
  • Secret Revokement URL: https://cloud.google.com/iam/docs/creating-managing-service-account-keys#deleting
  • Secret Example: 0123456789abcdefghijklmnopqrstuvwxyz012345
  • Suspicious Activity Investigation Instructions:
  • Review Google Cloud audit logs for unusual API calls or resource access
  • Check for unauthorized service account key creation or usage
  • Examine resource access patterns for anomalies
  • Verify if the service account has been used from unexpected IP addresses or locations
  • Check for any privilege escalation attempts using the compromised service account
  • Mitigation Instructions:
  • Immediately rotate the service account key by creating a new key and deleting the compromised one
  • Navigate to the Google Cloud Console IAM & Admin section
  • Select Service Accounts and locate the affected service account
  • Delete the compromised key from the Keys tab
  • Review and potentially restrict the permissions assigned to the service account
  • Enable audit logging if not already enabled to monitor future activity
  • Consider implementing more restrictive IAM policies for service account key creation