services / Google Cloud / Secret Manager Versions

A version in Secret Manager contains the contents of a secret along with metadata about the version.

Secret Manager is a highly sensitive service. Secrets may include API keys, encryption secret keys, login credentials, and other extremely sensitive data.


secretmanager.versions.access

Gives direct read access to secret data (which often includes keys and tokens).

Risks

Scope: CRITICAL

This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or lead to significant privilege escalation if exploited.

Contributed by P0 Security

© 2023–present P0 Security and contributors to the IAM Privilege Catalog