services / Google Cloud / Secret Manager Versions

A version in Secret Manager contains the contents of a secret along with metadata about the version.

Secret manager is a highly sensitive service. Secrets may include API keys, encryption secret keys, login credentials, and other extremely sensitive data.

secretmanager.​versions.​access

Gives direct read access to secrets data (which often include keys and tokens).

Risks

1. Cryptographic exfiltration (CRITICAL)
2. Data exfiltration (CRITICAL)

Scope: CRITICAL

This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploit could lead to significant privilege escalation.