services / Google Cloud / Cloud KMS EKM Connections

An EKM connection organizes VPC connections to your on-premises external key managers in a specific Google Cloud location. An EKM connection allows you to connect to and use keys from an external key manager over a VPC network.


cloudkms.ekmConnections.update

Can update the settings used to connect to the external key management instance, such as the EKM hostname and the server hostname. Changing these settings can render keys inaccessible.

Risks

Scope: MEDIUM

This privilege may grant access to confidential data, or its exploitation can incur operational cost.

Links

  • https://cloud.google.com/kms/docs/resource-hierarchy
  • https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.ekmConnections
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog