catalog logoThe IAM Privilege Catalog

services / Google Cloud / Cloud KMS EKM Connections

An EKM connection organizes VPC connections to your on-premises external key managers in a specific Google Cloud location. An EKM connection allows you to connect to and use keys from an external key manager over a VPC network

cloudkms.​ekmConnections.​getIamPolicy

Risks

  1. Account discovery (LOW)
  2. Policy discovery (LOW)

Scope: MEDIUM

This privilege may grant access to confidential data, or its exploit can incur operational cost.

Links

  • https:​/​/​cloud.​google.​com/​kms/​docs/​resource-​hierarchy
  • https:​/​/​cloud.​google.​com/​kms/​docs/​reference/​rest/​v1/​projects.​locations.​ekmConnections

    • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog