How to limit the lifetime of Google Cloud Platform SDK credentials

Cloud Survey 2021

Benchmark your organization against competitors and other industries. Share your experiences and receive the free Cloud report.

Hiring

We are Binx. We make every organization cloud-native.

Did you know that, once you have authenticated using the Google Cloud Platform SDK, the credential is valid for all eternity? With the Google Cloud session control tool you can limit the validity to as little as an hour.

After you type gcloud auth login , the credentials is stored under the directory ~/.config/gcloud. If this directory gets exfiltrated, the attacker can login using any of the accounts you ever logged in with.

To limit impact of such an event, navigate to Google Cloud session control, select the re-authentication option and choose the lifespan of the credentials. In the screenshot, I set the period to 1 hour. It drove my colleagues up the wall. Sorry.

Google Cloud session control screen

Image by anncapictures from Pixabay

Mark van Holsteijn is a senior software systems architect, and CTO of binx.io. He is passionate about removing waste in the software delivery process and keeping things clear and simple.
Share this article: Tweet this post / Post on LinkedIn