Google (GCP) Private Key ID
Service Name: Google Cloud Platform
Service Description: Google Cloud Platform (GCP) is a suite of cloud computing services that runs on the same infrastructure that Google uses internally for its end-user products, offering a wide range of services including computing, data storage, data analytics, and machine learning.
Service Address: https://cloud.google.com/
GCP Private Key ID
- Validation Type: NHI Enriched
- IP Allow list: Does not exist
- Secret Access Scope: Grants access to Google Cloud resources associated with the service account. The private key ID is part of a service account key that allows programmatic access to GCP services.
- Secret Revokement URL: https://cloud.google.com/iam/docs/creating-managing-service-account-keys#deleting
- Secret Example:
0123456789abcdefghijklmnopqrstuvwxyz012345 - Suspicious Activity Investigation Instructions:
- Review Google Cloud audit logs for unusual API calls or resource access
- Check for unauthorized service account key creation or usage
- Examine resource access patterns for anomalies
- Verify if the service account has been used from unexpected IP addresses or locations
- Check for any privilege escalation attempts using the compromised service account
- Mitigation Instructions:
- Immediately rotate the service account key by creating a new key and deleting the compromised one
- Navigate to the Google Cloud Console IAM & Admin section
- Select Service Accounts and locate the affected service account
- Delete the compromised key from the Keys tab
- Review and potentially restrict the permissions assigned to the service account
- Enable audit logging if not already enabled to monitor future activity
- Consider implementing more restrictive IAM policies for service account key creation