catalog logoThe IAM Privilege Catalog

services / Google Cloud / Cloud KMS EKM Configs

A Cloud KMS EKM config applies to all keys with a protection level of EXTERNAL_VPC in a given project or location. These are keys managed by and stored in an external key management system and accessed by Cloud KMS over VPC.

cloudkms.​ekmConfigs.​getIamPolicy

Risks

  1. Account discovery (LOW)
  2. Policy discovery (LOW)

Scope: MEDIUM

This privilege may grant access to confidential data, or its exploit can incur operational cost.

Links

  • https:​/​/​cloud.​google.​com/​kms/​docs/​reference/​rest/​v1/​EkmConfig

    • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog