> For the complete documentation index, see [llms.txt](https://docs.sprinto.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.sprinto.com/monitors/authentication-and-access-monitors/how-to-resolve-sprinto-check-to-ensure-service-accounts-has-access-to-only-gcp-managed-access-keys.md). # How to resolve Sprinto check to ensure service accounts has access to only GCP managed access keys ### About Sprinto check: Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account The above-mentioned Sprinto check verifies that all service account keys on Google Cloud Platform (GCP) are managed by GCP itself, ensuring better security and key management. ### Purpose The purpose of this check is to enforce the use of GCP-managed service account keys for each service account. Service account keys are used to authenticate and authorize services or applications to access GCP resources. By using GCP-managed keys, you can ensure that these keys are securely generated, rotated, and managed by GCP, reducing the risk of key compromise or misuse. ### How to fix this check Follow the below steps to resolve the check: #### Before you begin * Ensure you have administrator privileges on the GCP account where you want to make configuration changes. #### Removing direct keys access from service accounts 1. Log in to the [GCP Console](https://www.google.com/aclk?sa=l\&ai=DChcSEwi_v8nV7JyGAxUXMnsHHfVtDWkYABAAGgJ0bQ\&ase=2\&gclid=Cj0KCQjw6auyBhDzARIsALIo6v9V6nZAdIrWq2yck-4XDY56bK75XKmQgJ4P0oGsOToO56gYjRK4_kEaAuVIEALw_wcB\&sig=AOD64_0pCSge4GDX-CF5ISqPQOa17NdarA\&q\&nis=4\&adurl\&ved=2ahUKEwip8MPV7JyGAxWXla8BHVsPCuoQ0Qx6BAgGEAE) using your credentials. 2. Navigate to the IAM & Admin service and select Service Accounts from the left-side navigation bar.

3. Review the service accounts and ensure there is no key added next to the service account. 4. If you find a service account with the listed key, click the action button on the right side and click Manage keys.

5. Click on the delete icon next to the key to revoke access from the service account.

6. Repeat the above steps and ensure no service account has access to a direct key. Sprinto will detect the configuration change and set the check status to "Passing." Contact [Sprinto support](mailto:www.support@sprinto.com) if you have any queries related to the check or need assistance. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.sprinto.com/monitors/authentication-and-access-monitors/how-to-resolve-sprinto-check-to-ensure-service-accounts-has-access-to-only-gcp-managed-access-keys.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.