API Keys

This sheet lists all of the API keys from all projects in the organization along with the restrictions placed on those API keys. API Keys are an alternative mechanism to authenticate to Google Cloud APIs as opposed to Service Account and User credentials. They are not recommended with the exception of certain Google Developer APIs such as the Google Maps API and SDK. If API Keys are necessary it highly recommend they are restricted with which client application they can be used from and which APIs are authorized to be used with the key.

This sheet was inspired by ScaleSec’s blog post on Inventory Your GCP API Keys and associated Python inventory script by Jason Dyke (@jasonadyke).

Below is a API Key list gcloud command used to generate a similar output to this sheet.

gcloud projects list --format="value(projectId)" | xargs -t -I {} \
  gcloud alpha services api-keys list --project={} --billing-project=$OPERATING_PROJECT \
    --format="csv(name.segement(1), displayName, uid, createTime)"