Severity Framework
Snyk CCSS
Rule category
Keys and Secrets / Keys and Secrets
Frameworks
CIS-Google
CSA-CCM
HIPAA
ISO-27001
SOC-2
- Snyk ID SNYK-CC-00408
- credit Snyk Research Team
Description
Google-managed service account keys are automatically managed and rotated by Google and cannot be downloaded. For user-managed service account keys, the user must take ownership of key management activities, including storage, distribution, revocation, and rotation. Even when key owners take precautions, user-managed keys can easily be leaked into source code or left on support blogs.
How to fix?
Remove all google_service_account_key resources for google_service_account resources.
Example Configuration
resource "google_service_account" "allowed" {
  account_id   = "service-account408"
  display_name = "Service Account"
  project      = "my-project"
}
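
One way to confirm that a plan is free of these resources before it is applied, as an added example (not Snyk's rule implementation and not code from the original page): the script scans the `resource_changes` of a Terraform JSON plan for `google_service_account_key` resources that would still exist after apply. The sample plan and the resource names `ci`, `old` and `deploy` are constructed for illustration.

```python
import json

KEY_TYPE = "google_service_account_key"

# Constructed sample, trimmed to the fields used here, in the shape of
# `terraform show -json <planfile>` output. Resource names are hypothetical.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "google_service_account.allowed", "mode": "managed",
   "type": "google_service_account",
   "change": {"actions": ["no-op"], "after": {"account_id": "service-account408"}}},
  {"address": "google_service_account_key.ci", "mode": "managed",
   "type": "google_service_account_key",
   "change": {"actions": ["create"], "after": {},
              "after_unknown": {"service_account_id": true}}},
  {"address": "module.legacy.google_service_account_key.old", "mode": "managed",
   "type": "google_service_account_key",
   "change": {"actions": ["delete"], "after": null}},
  {"address": "module.app.google_service_account_key.deploy", "mode": "managed",
   "type": "google_service_account_key",
   "change": {"actions": ["no-op"], "after": {"service_account_id":
     "projects/my-project/serviceAccounts/service-account408@my-project.iam.gserviceaccount.com"}}}
]}
""")


def find_user_managed_keys(plan):
    """Return (address, service_account_id) for each key resource that
    will still exist once the plan has been applied."""
    findings = []
    for rc in plan.get("resource_changes", []):
        # Only managed resources of the key type are relevant; this also
        # covers resources declared inside modules, which appear flattened.
        if rc.get("mode") != "managed" or rc.get("type") != KEY_TYPE:
            continue
        change = rc.get("change", {})
        if change.get("actions") == ["delete"]:
            continue  # key is being removed, which is the remediation
        # "after" is null on delete and may omit values computed at apply time.
        after = change.get("after") or {}
        sa = after.get("service_account_id") or "(known after apply)"
        findings.append((rc["address"], sa))
    return findings


if __name__ == "__main__":
    for address, sa in find_user_managed_keys(SAMPLE_PLAN):
        print(f"user-managed key: {address} -> {sa}")
```

Keys that already exist and are left unchanged (`no-op`) are reported as well, since they remain user-managed until the resource is removed.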