Happy to share a focused action for #DataPrivacyWeek: let's audit those Google Cloud service account keys.
It’s common to find keys created for a quick test that remain active with wide access to BigQuery, Cloud Storage, or even AlloyDB. Left unmanaged, these over-privileged keys pose real risks to your data privacy.
Here’s a practical checklist to reclaim control:
- Go to the GCP Console → IAM & Admin → Service Accounts.
- Review each account: Are all its assigned roles truly necessary? Apply the principle of least privilege.
- Check the keys: Are they all still actively used?
- Disable any keys you suspect are unused. If nothing breaks, delete them permanently.
- Rotate any remaining active keys that are older than 90 days.
- Consider whether this use case can be shifted to a more secure, keyless approach like Workload Identity.
Bonus tip: If you use a GCP service account for Okta provisioning, its keys deserve the same careful management. Okta Workflows can help automate reminders and enforce a strict rotation schedule.
Taking charge of your service account keys is essential for a secure, privacy-first cloud environment.
Looking forward to learning how your teams manage key rotation and adopt Workload Identity in production!
Looking for a "keyless" approach? Check out my blog post: https://lnkd.in/e9xWffSS
#GoogleCloud #DataPrivacyWeek #IdentitySecurity #CloudSecurity #Okta #GCP #IAM #AlloyDB #OktaWorkflows #ZeroTrust