Authentication

API key was not rotated in 90 days

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

API keys are used for authentication. They are simple encrypted strings that identify an application without any principal. API key '{GcpApiKey}' was not rotated in over 90 days. The key was created on {GcpApiKey.CreateTime}. A stolen key has no expiration, so it can be used indefinitely unless the project owner revokes or regenerates it. Rotating API keys reduces the window of opportunity in which an access key associated with a compromised or terminated account can be used.

Recommended Mitigation

API keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen. It is recommended to regenerate the key at least every 90 days. For more information: https://cloud.google.com/docs/authentication/api-keys
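
The 90-day check described above can be reproduced over an exported key inventory. This is an added example, not the rule's own implementation. It assumes JSON shaped like the output of `gcloud services api-keys list --format=json` with `name`, `displayName` and `createTime` fields; the project name, key IDs and timestamps are constructed sample data.

```python
import json
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(days=90)  # threshold stated by the rule ("over 90 days")

# Constructed inventory (assumed field names; not real keys).
PREFIX = "projects/example-project/locations/global/keys/"
SAMPLE = json.dumps([
    {"name": PREFIX + "aaaa", "displayName": "maps-frontend",
     "createTime": "2024-01-10T08:15:30.123456Z"},      # well past 90 days
    {"name": PREFIX + "bbbb", "displayName": "batch-job",
     "createTime": "2024-03-03T00:00:00Z"},             # exactly 90 days old
    {"name": PREFIX + "cccc", "displayName": "new-service",
     "createTime": "2024-05-20T12:00:00.123456789Z"},   # nanosecond fraction
    {"name": PREFIX + "dddd", "displayName": "legacy"},  # createTime missing
])


def parse_utc(ts):
    """Parse a 'Z'-suffixed UTC timestamp at second precision.

    Only the first 19 characters are used, so fractions of any length
    (or none) are accepted. Assumes the timestamp is already in UTC.
    """
    return datetime.strptime(ts[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def stale_keys(keys_json, now):
    """Return (key name, age in days) for keys older than MAX_AGE.

    A key without createTime is reported with age None so it is reviewed
    by hand instead of being silently treated as compliant.
    """
    findings = []
    for key in json.loads(keys_json):
        created = key.get("createTime")
        if not created:
            findings.append((key["name"], None))
            continue
        age = now - parse_utc(created)
        if age > MAX_AGE:  # strictly over 90 days, matching the rule text
            findings.append((key["name"], age.days))
    return findings


if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed for a repeatable run
    for name, days in stale_keys(SAMPLE, now):
        print(name, "age unknown" if days is None else f"{days} days old")
```

Pass `datetime.now(timezone.utc)` as `now` when running against a live export.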