Secrets

Made by DeepSource

Hardcoded Google Cloud Platform API key in source code SCT-1003

Category: Secrets
Severity: Critical

A Google Cloud Platform (GCP) API key committed to source code is readable by everyone with access to the repository, including anyone who later clones its history. An API key identifies a project for quota and billing, does not expire, and is accepted by any API it has been enabled for, so whoever holds it can call those APIs at your expense until the key is deleted or regenerated. Depending on what the key is enabled for, that means unexpected billing charges, exposure of data behind the key, and modification of cloud resources.

If a key has been committed, treat it as compromised: removing it from the current revision does not remove it from git history or from existing clones. Create a replacement key, move every legitimate client to it, then delete the leaked key in the Google Cloud console or with gcloud. Afterwards, check billing and API usage for the period the key was exposed, and rewrite or purge the history only as a secondary cleanup, never instead of rotation.

Store the key outside the codebase and inject it at runtime, for example through an environment variable set by your deployment tooling (and make sure any local .env file that holds it is in .gitignore). This keeps the key out of version control and lets you rotate it without a code change. Limit the damage a leak can do by restricting the key itself: set API restrictions so it is only accepted by the APIs you actually call, and application restrictions (HTTP referrers, IP addresses, or app identifiers) so it only works from where you expect. Use IAM roles to limit who can view or manage keys in the project. Where the service you are calling supports OAuth 2.0 credentials, prefer Application Default Credentials (the first value returned by google.auth.default()) or a secret manager over a long-lived API key at all; most Cloud client libraries expect credentials of that kind, and API keys are only honoured by a subset of Google APIs.

Bad Practice

import google.auth
from google.auth.api_key import Credentials as ApiKeyCredentials  # google-auth >= 2.15
from google.cloud import storage

# Hardcoded API key: committed to the repository and visible in every clone
# and every copy of the git history.
api_key = "AIzaSyA-9tLXxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

# google.auth.default() returns (credentials, project_id); only the project
# ID is used here.
_, project_id = google.auth.default()
# The credentials argument must be a google.auth Credentials object; passing
# the bare string raises ValueError, so the key is wrapped here.
client = storage.Client(project=project_id, credentials=ApiKeyCredentials(api_key))

Recommended

import os

import google.auth
from google.auth.api_key import Credentials as ApiKeyCredentials  # google-auth >= 2.15
from google.cloud import storage

# Read the key from the environment so it never lives in the repository.
# os.environ[...] raises KeyError when the variable is missing, which is
# better than os.environ.get() silently passing None as a credential.
api_key = os.environ["GCP_API_KEY"]

# google.auth.default() returns (credentials, project_id); only the project
# ID is used here.
_, project_id = google.auth.default()
client = storage.Client(project=project_id, credentials=ApiKeyCredentials(api_key))
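The two halves of the advice above, finding keys that have already been hardcoded and reading the key from the environment with a fail-fast check, as an added example that is not part of the DeepSource rule page. The detection pattern (the literal prefix AIza followed by 35 characters from [0-9A-Za-z_-], the shape common secret scanners match), the GCP_API_KEY variable name, the synthetic key and the sample source text are all constructed for this example.

```python
"""Added example, not part of the DeepSource rule page: a small scanner that
flags hardcoded Google API keys in source text (usable as a pre-commit check)
and a fail-fast loader that reads the key from the environment instead.

Assumptions: the detection pattern, the GCP_API_KEY variable name and the
sample source below are illustrative choices made for this example."""
import os
import re
import sys
from typing import List, Mapping, NamedTuple, Optional

# Google API keys are 39 characters: the literal prefix "AIza" followed by 35
# characters from [0-9A-Za-z_-]. Widely used secret scanners match this shape.
GCP_API_KEY_RE = re.compile(r"AIza[0-9A-Za-z_\-]{35}")


class Finding(NamedTuple):
    line_no: int
    key: str


def redact(key: str) -> str:
    """Show enough of a key to identify it without re-leaking it in logs."""
    return key[:8] + "..." + key[-4:]


def find_gcp_api_keys(text: str) -> List[Finding]:
    """Return every Google API key-shaped token in text, with its line number."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in GCP_API_KEY_RE.finditer(line):
            findings.append(Finding(line_no, match.group(0)))
    return findings


def load_api_key(var: str = "GCP_API_KEY",
                 environ: Optional[Mapping[str, str]] = None) -> str:
    """Read the key from the environment and fail early on a missing or
    malformed value, rather than passing None or garbage to a client."""
    env = os.environ if environ is None else environ
    value = env.get(var, "")
    if not value:
        raise RuntimeError(f"{var} is not set; refusing to start without an API key")
    if not GCP_API_KEY_RE.fullmatch(value):
        raise RuntimeError(f"{var} is set but does not look like a Google API key")
    return value


# Constructed sample key (synthetic, 39 characters) and sample source text.
FAKE_KEY = "AIza" + "SyExampleKey_ForTestsOnly".ljust(35, "0")
SAMPLE_SOURCE = f"""\
import os
api_key = "{FAKE_KEY}"  # hardcoded: flagged
safe_key = os.environ["GCP_API_KEY"]  # read from the environment: not flagged
url = "https://example.invalid/v1/items?key={FAKE_KEY}"  # in a URL: flagged
note = "AIza is the key prefix"  # prefix only, too short: not flagged
"""


if __name__ == "__main__":
    # Scan the files named on the command line, or the constructed sample.
    paths = sys.argv[1:]
    sources = [(p, open(p, encoding="utf-8").read()) for p in paths] \
        or [("<sample>", SAMPLE_SOURCE)]
    exit_code = 0
    for path, text in sources:
        for finding in find_gcp_api_keys(text):
            print(f"{path}:{finding.line_no}: Google API key {redact(finding.key)}")
            exit_code = 1
    sys.exit(exit_code)
```

Run with no arguments to scan the constructed sample (lines 2 and 4 are reported), or pass file paths to use it as a pre-commit hook; a non-zero exit blocks the commit. The loader deliberately raises on an unset or malformed variable, because a key that is silently None only fails later, inside the client library, with a far less useful error.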