catalog logoThe IAM Privilege Catalog

services / Google Cloud / Google API Keys

An API Key can be used to authenticate to supported Google REST APIs. Not all Google APIs support authentication via API key.

Because API keys do not provide a principal or check any additional authorization information, an individual that gains access to an API key will be able to use it to call supported Google APIs without detection.

apikeys.​keys.​update

Can be used to add or remove restrictions (API restrictions or application restrictions) on how the key can be used.

Risks

  1. Denial-of-service (HIGH)
  2. Defense destruction (EVASION)

Scope: CRITICAL

This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploit could lead to significant privilege escalation.

Links

  • https:​/​/​cloud.​google.​com/​docs/​authentication/​api-​keys
  • https:​/​/​cloud.​google.​com/​api-​keys/​docs/​reference/​rest/​v2/​keys
  • https:​/​/​cloud.​google.​com/​api-​keys/​docs/​overview

    • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog