Corey Quinn
I’ve been asking AWS for this for years. Good on Google for implementing it.
May 20, 2024 at 9:46pmWeb
Show threadPamela DingleMay 20, 2024
@Quinnypig wait but what is the policy change? Are they disabling the key on detection? Giving the admin a choice? Suspense is killing me I need the screenshot of one more scolled screen…
Show threadPamela DingleMay 20, 2024
@Quinnypig if I look close I can see the words “proactively disable any” on that last line, wow.
Show threadAntiCompositeMay 20, 2024
@pamelarosiedee @Quinnypig See the blog post at https://cloud.google.com/blog/products/identity-security/automatically-disabling-leaked-service-account-keys-what-you-need-to-know
Automatically disabling leaked service account keys: What you need to know | Google Cloud Blog

Starting June 16, exposed service account keys that have been detected in services including public repos will be automatically disabled by default for new and existing customers.

Google Cloud Blog
Show threadmanchicken moved!May 20, 2024
@Quinnypig I thought AWS already had this as part of the GitHub secrets detection functionality (which is universally enabled for public repos, and sold separately with GHAS for private ones).
Am I mistaken?