Secret Manager Secrets (Google Cloud)
A secret contains one or more versions along with metadata. The actual contents of the secret are stored in the version.
Secret Manager is a highly sensitive service. Secrets may include API keys, encryption secret keys, login credentials, and other extremely sensitive data.
secretmanager.secrets.get
This permission includes account discovery, because the names of secrets may expose the accounts that the secrets are associated with. It does not give access to secrets.
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog