Project with API keys

Authentication

Project with API keys

Risk Level

Informational (4)

Platform(s)

Compliance Frameworks

Brazilian General Data Protection (LGPD)
CCM-CSA
CCPA
CPRA
Data Security Posture Management (DSPM) Best Practices
GCP CIS
GDPR
HITRUST
ISO/IEC 27001
Mitre ATT&CK
mpa
New Zealand Information Security Manual
NIST 800-171
NIST 800-53
PDPA
UK Cyber Essentials

Description

API keys are used for authentication, they are simple encrypted strings that identify an application without any principal. Project '{CloudAccount}' is using API keys - {CloudAccount.GcpApiKey}. API keys are insecure because they can be viewed publicly, such as from within a browser, or they can be accessed on a device where the key resides. It is recommended to not use API keys in order to avoid these security risks

Recommended Mitigation

To avoid the security risk in using API keys, it is recommended to delete API keys and use standard authentication flow instead. For more information: <a href="https://cloud.google.com/docs/authentication/api-keys" target="_blank" rel="noopener noreferrer">https://cloud.google.com/docs/authentication/api-keys</a>

Project with API keys

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS