API keys are used for authentication, they are simple encrypted strings that identify an application without any principal. API key '{GcpApiKey}' was not rotated in over 90 days. The key was created on {GcpApiKey.CreateTime}. Once a key is stolen, it has no expiration, meaning it may be used indefinitely unless the project owner revokes or regenerates the key. Rotating API keys will reduce the window of opportunity for an access key that is associated with a compromised or terminated account to be used
Recommended Mitigation
API keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen. It is recommended to regenerate the key at least every 90 days. For more information: https://cloud.google.com/docs/authentication/api-keys
Authentication
