How to resolve the Sprinto check that ensures service accounts have only GCP-managed keys
About
Sprinto check: Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account
The above-mentioned Sprinto check verifies that all service account keys on Google Cloud Platform (GCP) are managed by GCP itself, ensuring better security and key management.
Purpose
The purpose of this check is to enforce the use of GCP-managed service account keys for each service account. Service account keys are used to authenticate and authorize services or applications to access GCP resources. By using GCP-managed keys, you can ensure that these keys are securely generated, rotated, and managed by GCP, reducing the risk of key compromise or misuse.
How to fix this check
Follow the steps below to resolve the check:
Before you begin
Ensure you have administrator privileges on the GCP account where you want to make configuration changes.
Removing direct key access from service accounts
Log in to the GCP Console using your credentials.
Navigate to the IAM & Admin service and select Service Accounts from the left-side navigation bar.
Review the service accounts and check that no key is listed next to any of them.
If you find a service account with a key listed, click the action button on the right side and click Manage keys.
Click on the delete icon next to the key to revoke access from the service account.
Repeat the above steps and ensure no service account has access to a direct key.
Sprinto will detect the configuration change and set the check status to "Passing."
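The same review can be scripted with the gcloud CLI. This is an added example, not Sprinto's or Google's own code: it lists every user-managed key in a project and prints the delete command for each one so it can be reviewed before anything is revoked. It assumes gcloud is installed and authenticated and that the project ID is passed as the first argument; the function names are illustrative.

```bash
#!/usr/bin/env bash
# Added example (not Sprinto's code). Assumes gcloud is installed and
# authenticated; the project ID is passed as the first argument.

# Print "<service-account-email> <key-id>" for every user-managed key.
list_user_managed_keys() {
  local project="$1"
  gcloud iam service-accounts list --project "$project" \
      --format="value(email)" |
  while read -r email; do
    [ -n "$email" ] || continue
    # </dev/null keeps gcloud from consuming the outer loop's input.
    gcloud iam service-accounts keys list --iam-account "$email" \
        --project "$project" --managed-by=user \
        --format="value(name)" </dev/null |
    while read -r key; do
      # The name is a full resource path; the key ID is its last segment.
      if [ -n "$key" ]; then printf '%s %s\n' "$email" "${key##*/}"; fi
    done
  done
}

# Print the delete command for each finding so it can be reviewed first.
# Returns 0 when the project is clean, 1 when user-managed keys remain.
audit_project() {
  local found
  found="$(list_user_managed_keys "$1")"
  [ -n "$found" ] || return 0
  printf '%s\n' "$found" | while read -r email key; do
    printf 'gcloud iam service-accounts keys delete %s --iam-account=%s --project=%s\n' \
        "$key" "$email" "$1"
  done
  return 1
}

# Run the audit only when a project ID is supplied.
if [ "$#" -ge 1 ]; then audit_project "$1"; fi
```

A non-zero exit status means at least one user-managed key is still present, so the script can also be used as a recurring check.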
Contact Sprinto support if you have any queries related to the check or need assistance.