Did you know that, once you have authenticated using the Google Cloud Platform SDK, the credential is valid for all eternity? With the Google Cloud session control tool you can limit the validity to as little as an hour.
After you type gcloud auth login, the credentials are stored under the directory ~/.config/gcloud. If this directory gets exfiltrated, the attacker can log in using any of the accounts you ever logged in with.
To limit the impact of such an event, navigate to Google Cloud session control, select the re-authentication option and choose the lifespan of the credentials. In the screenshot, I set the period to 1 hour. It drove my colleagues up the wall. Sorry.
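To see what is actually at rest in that directory, a workstation check along these lines can help. This is an added example, not part of the original post; the file names inside ~/.config/gcloud are what the Cloud SDK is commonly seen to write and are assumptions here, as are the function names.

```shell
#!/bin/sh
# Added example: inventory credential material in a gcloud config directory.
# The file names below are assumptions based on what the Cloud SDK commonly
# writes; they are not taken from the article.

# Print the octal mode of a path (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# audit_gcloud_dir DIR
# Prints one line per finding. Returns 0 if nothing is accessible to
# group/other, 1 if something is, 2 if DIR does not exist.
audit_gcloud_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "ABSENT $dir"; return 2; }
    loose=0
    for p in "$dir" \
             "$dir/credentials.db" \
             "$dir/access_tokens.db" \
             "$dir/application_default_credentials.json" \
             "$dir/legacy_credentials"; do
        [ -e "$p" ] || continue
        mode=$(mode_of "$p")
        case "$mode" in
            *00) echo "OK    $mode $p" ;;          # owner-only access
            *)   echo "LOOSE $mode $p"; loose=1 ;; # group/other bits set
        esac
    done
    # Each sub-directory of legacy_credentials is named after an account
    # that has logged in from this machine.
    if [ -d "$dir/legacy_credentials" ]; then
        for a in "$dir/legacy_credentials"/*; do
            [ ! -d "$a" ] || echo "ACCOUNT ${a##*/}"
        done
    fi
    return "$loose"
}

# Audit the default location (CLOUDSDK_CONFIG overrides it when set).
audit_gcloud_dir "${CLOUDSDK_CONFIG:-$HOME/.config/gcloud}" || true
```

Every ACCOUNT line is an identity whose stored credential would leave with the directory; gcloud auth revoke removes the ones no longer needed on that machine.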

Mark van Holsteijn is a senior software systems architect, and CTO of binx.io. He is passionate about removing waste in the software delivery process and keeping things clear and simple.