How to limit the lifetime of Google Cloud Platform SDK credentials

29 Jan, 2021
Xebia Background Header Wave

Did you know that, once you have authenticated using the Google Cloud Platform SDK, the credential is valid for all eternity? With the Google Cloud session control tool you can limit the validity to as little as an hour. After you type gcloud auth login , the credentials is stored under the directory ~/.config/gcloud. If this directory gets exfiltrated, the attacker can login using any of the accounts you ever logged in with. To limit impact of such an event, navigate to Google Cloud session control, select the re-authentication option and choose the lifespan of the credentials. In the screenshot, I set the period to 1 hour. It drove my colleagues up the wall. Sorry. Google Cloud session control screen Image by anncapictures from Pixabay

Mark van Holsteijn
Mark van Holsteijn is a senior software systems architect at Xebia Cloud-native solutions. He is passionate about removing waste in the software delivery process and keeping things clear and simple.

Get in touch with us to learn more about the subject and related solutions

Explore related posts