Google Cloud: Secret Manager Secrets
A secret contains one or more versions along with metadata. The actual contents of the secret are stored in the version.
Secret Manager is a highly sensitive service. Secrets may include API keys, secret encryption keys, login credentials, and other extremely sensitive data.
secretmanager.secrets.update
Can destroy the secret by updating it so that it expires. Can also add or change a customer-managed encryption key.
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog