Authentication

GCP Secret Manager secret with automatic rotation disabled

Risk Level

Informational (4)

Platform(s)

Description

GCP Secret Manager can store, manage and access secrets, with the appropriate permissions you can view its content. We detected that the secret '{GcpSecretManagerSecret}' is configured without sending rotation messages to Pub/Sub topics, which not recommended since rotating limits determent how long an unauthorized user can use a compromised secret.
  • Recommended Mitigation

    It is recommended to set rotation time and rotation period to send messages to Pub/Sub topics regarding rotation a secret. For more information see: <a href="https://cloud.google.com/secret-manager/docs/rotation-recommendations" target="_blank" rel="noopener noreferrer">https://cloud.google.com/secret-manager/docs/rotation-recommendations</a>