Triage and Remediation
Remediation
Using Console
To remediate the misconfiguration “Ensure API Keys Are Not Created For A Project” in GCP, follow these steps in the GCP console:
- Go to the GCP console and select the project for which you want to remediate the misconfiguration.
- Navigate to the “APIs & Services” section from the left-hand side menu.
- Click on the “Credentials” tab from the top menu.
- On the Credentials page, you will see a list of all the existing credentials for the project.
- Look for any API keys that have been created for the project. If you find any, select them and click on the “Delete” button to remove them.
- If there are no API keys, then the misconfiguration is already remediated.
- To prevent API keys from being created in the future, you can go to the “APIs & Services” section and click on the “Restrict keys” button.
- On the Restrict keys page, select the “Do not restrict key” option and click on the “Save” button.
- This will prevent any API keys from being created for the project in the future.
Using CLI
To remediate the misconfiguration “Ensure API Keys Are Not Created For A Project” for GCP using the GCP CLI, follow these steps:
- Open the Cloud Shell in the GCP Console.
- Run the following command to list all the projects in your GCP account:
- Select the project for which you want to ensure that API keys are not created.
- Run the following command to check if any API keys are created for the selected project:
Note: Replace [SA-NAME] with the name of the service account and [PROJECT-ID] with the ID of the selected project.
- If any API keys are listed, delete them using the following command:
Note: Replace [KEY-ID] with the ID of the API key you want to delete, [SA-NAME] with the name of the service account and [PROJECT-ID] with the ID of the selected project.
- Repeat steps 4 and 5 for all the service accounts in the selected project.
- Once all the API keys are deleted, ensure that the service accounts are not granted any unnecessary permissions.
- Verify that no API keys are created for the selected project using the following command:
Note: Replace [SA-NAME] with the name of the service account and [PROJECT-ID] with the ID of the selected project.
- If no API keys are listed, the remediation is complete.
Using Python
To ensure that API keys are not created for a project in GCP, follow these steps using Python:
- First, authenticate to your GCP project using the google-auth library. You can install it using pip:
- Next, use the google-cloud-resource-manager library to retrieve the list of all projects in your GCP account. You can install it using pip:
- Once you have the list of projects, loop through each project and check if there are any active API keys associated with it. You can use the google-cloud-kms library to list the keys associated with a project:
- If you find any active API keys associated with a project, you can delete them using the google-cloud-kms library:
- Finally, you can revoke the API key using the google-auth library:
By following these steps, you can ensure that API keys are not created for a project in GCP and remediate any existing misconfigurations.
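As an added example (not code from the original page): a check that reads a project's API key inventory and reports every key that violates this control, most exposed first. It assumes the inventory was exported with `gcloud services api-keys list --project=[PROJECT-ID] --format=json`; the function names and the sample data are constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample in the shape of API Keys v2 Key resources, as exported by
# `gcloud services api-keys list --format=json`. Project number and key IDs are made up.
SAMPLE_INVENTORY = json.dumps([
    {"name": "projects/123456789012/locations/global/keys/00000000-0000-4000-8000-000000000001",
     "displayName": "legacy-maps-key", "createTime": "2021-03-04T10:15:00Z"},
    {"name": "projects/123456789012/locations/global/keys/00000000-0000-4000-8000-000000000002",
     "displayName": "ci-translate-key", "createTime": "2024-01-20T08:00:00.123456789Z",
     "restrictions": {"apiTargets": [{"service": "translate.googleapis.com"}]}},
])

def audit_api_keys(inventory_json, now=None):
    """Return one finding per API key, riskiest first. Any finding fails the control."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for key in json.loads(inventory_json or "[]"):
        parts = key["name"].split("/")
        if len(parts) != 6 or parts[0] != "projects" or parts[4] != "keys":
            raise ValueError(f"unexpected key resource name: {key['name']!r}")
        # Drop fractional seconds and the trailing Z; the API reports UTC.
        created = datetime.strptime(key["createTime"][:19], "%Y-%m-%dT%H:%M:%S")
        created = created.replace(tzinfo=timezone.utc)
        restrictions = key.get("restrictions") or {}
        api_targets = [t["service"] for t in restrictions.get("apiTargets", [])]
        app_restricted = any(k.endswith("KeyRestrictions") for k in restrictions)
        findings.append({
            "project": parts[1],
            "key_id": parts[5],
            "display_name": key.get("displayName", ""),
            "age_days": (now - created).days,
            "api_targets": api_targets,
            # No API target and no application restriction: the key works from
            # any client against any enabled API that accepts API keys.
            "unrestricted": not api_targets and not app_restricted,
        })
    # Unrestricted keys first, then oldest first, so cleanup starts with the worst.
    findings.sort(key=lambda f: (not f["unrestricted"], -f["age_days"]))
    return findings

def is_compliant(findings):
    """The control passes only when the project has no API keys at all."""
    return not findings

if __name__ == "__main__":
    for f in audit_api_keys(SAMPLE_INVENTORY):
        flag = "UNRESTRICTED" if f["unrestricted"] else "restricted"
        print(f'{f["project"]} {f["key_id"]} {f["display_name"]!r} {f["age_days"]}d {flag}')
```

Run it once per project and treat a non-empty result as a failed check; an empty inventory (`[]`) is the compliant state.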