# How to resolve the Sprinto check to ensure service accounts have access to only GCP-managed keys

### About

Sprinto check: Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account

The above-mentioned Sprinto check verifies that all service account keys on Google Cloud Platform (GCP) are managed by GCP itself, ensuring better security and key management.

### Purpose

The purpose of this check is to enforce the use of GCP-managed service account keys for each service account. Service account keys are used to authenticate and authorize services or applications to access GCP resources. By using GCP-managed keys, you can ensure that these keys are securely generated, rotated, and managed by GCP, reducing the risk of key compromise or misuse.

### How to fix this check

Follow the steps below to resolve the check:

#### Before you begin

* Ensure you have administrator privileges on the GCP account where you want to make configuration changes.

#### Removing direct key access from service accounts

1. Log in to the [GCP Console](https://console.cloud.google.com/) using your credentials.
2. Navigate to the IAM & Admin service and select Service Accounts from the left-side navigation bar.

   <figure><img src="https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/72098688888/original/URLIszeVwI2bUpfHgFbOmFBdcMMknSeJrw.png?1716230092" alt=""><figcaption></figcaption></figure>
3. Review the service accounts and ensure there is no key added next to the service account.
4. If a service account has a key listed, click the action button on the right side and select Manage keys.

   <figure><img src="https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/72098688893/original/Zr1Oa6Rf19d_zfE__jEI7-RoPtpo4stDLw.png?1716230092" alt="" width="563"><figcaption></figcaption></figure>
5. Click on the delete icon next to the key to revoke access from the service account.

   <figure><img src="https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/72098688894/original/yCJGiHWFIKLVfslM9MUNHT89hWJWJn_7tQ.png?1716230092" alt="" width="563"><figcaption></figcaption></figure>
6. Repeat the above steps and ensure no service account has access to a direct key.

Sprinto will detect the configuration change and set the check status to "Passing."
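
The same review can be done from the command line. The script below is an added example, not part of the original Sprinto article: it uses the `gcloud` CLI to list the user-managed keys on every service account in one project and prints the delete command for each, without deleting anything. The function names `audit_project` and `check_project` and the `GCP_PROJECT` variable are assumptions made for the example.

```sh
#!/bin/sh
# Added example: report user-managed service account keys in one project.
# Read-only: it lists keys and prints the delete command, but deletes nothing.

# Print "<service-account-email> <key-id>" for every user-managed key.
audit_project() {
  project="$1"
  gcloud iam service-accounts list --project "$project" \
      --format="value(email)" |
  while read -r sa; do
    [ -n "$sa" ] || continue
    # --managed-by=user filters out the keys GCP creates and rotates itself.
    gcloud iam service-accounts keys list --iam-account "$sa" \
        --project "$project" --managed-by=user \
        --format="value(name.basename())" </dev/null |
    while read -r key; do
      if [ -n "$key" ]; then printf '%s %s\n' "$sa" "$key"; fi
    done
  done
}

# Return 0 when the project is clean, 1 when user-managed keys remain.
check_project() {
  findings=$(audit_project "$1")
  if [ -z "$findings" ]; then
    echo "OK: no user-managed keys in $1"
    return 0
  fi
  echo "$findings" | while read -r sa key; do
    echo "FOUND: $sa has user-managed key $key"
    echo "  remove with: gcloud iam service-accounts keys delete $key --iam-account $sa --project $1"
  done
  return 1
}

# GCP_PROJECT is an assumed variable name; set it to your project ID to run.
if [ -n "${GCP_PROJECT:-}" ]; then
  check_project "$GCP_PROJECT"
fi
```

Before deleting a reported key, confirm that no workload still authenticates with it, since deletion revokes that access immediately.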

Contact [Sprinto support](mailto:www.support@sprinto.com) if you have any queries related to the check or need assistance.
