Authentication

GCP Secret Manager secret with automatic rotation disabled

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

GCP Secret Manager can store, manage and access secrets, with the appropriate permissions you can view its content. We detected that the secret '{GcpSecretManagerSecret}' is configured without sending rotation messages to Pub/Sub topics, which not recommended since rotating limits determent how long an unauthorized user can use a compromised secret.

  • Recommended Mitigation

    It is recommended to set rotation time and rotation period to send messages to Pub/Sub topics regarding rotation a secret. For more information see: <a href="https://cloud.google.com/secret-manager/docs/rotation-recommendations" target="_blank" rel="noopener noreferrer">https://cloud.google.com/secret-manager/docs/rotation-recommendations</a>

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.