Authentication

API key was not rotated in 90 days

Platform(s)
Compliance Frameworks
  • Brazilian General Data Protection (LGPD)
  • ,
  • CCM-CSA
  • ,
  • CCPA
  • ,
  • CPRA
  • ,
  • Data Security Posture Management (DSPM) Best Practices
  • ,
  • GCP CIS
  • ,
  • GDPR
  • ,
  • HITRUST
  • ,
  • iso_27001_2022
  • ,
  • iso_27002_2022
  • ,
  • mpa
  • ,
  • New Zealand Information Security Manual
  • ,
  • NIST 800-171
  • ,
  • NIST 800-53
  • ,
  • PDPA
  • ,
  • UK Cyber Essentials

Description

API keys are used for authentication, they are simple encrypted strings that identify an application without any principal. API key '{GcpApiKey}' was not rotated in over 90 days. The key was created on {GcpApiKey.CreationTime}. Once a key is stolen, it has no expiration, meaning it may be used indefinitely unless the project owner revokes or regenerates the key. Rotating API keys will reduce the window of opportunity for an access key that is associated with a compromised or terminated account to be used