services / Google Cloud / Cloud KMS Crypto Key Versions
A key version contains key material used for encryption or signing.
Cloud KMS is an extremely sensitive service. Keys can be used for encryption/decryption of sensitive data or for the creation or verification of digital signatures.
cloudkms.cryptoKeyVersions.useToSign
Can be used to sign data with the key version.
Risks
Scope: CRITICAL
This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploit could lead to significant privilege escalation.
Links
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog