/
Ensure API keys are rotated every 90 days

Ensure API keys are rotated every 90 days

Nov 11, 2020



Description: 

It is recommended to rotate API keys every 90 days.

API keys do not expire, so if one is stolen, it may be used indefinitely unless the project owner revokes or rotates the key. Regenerating API keys frequently reduces the amount of time that a stolen API key can be used to access data on a compromised or terminated account. It is recommended to rotate API keys every 90 days.

Solution: 

  1. Go to the API keys page.

  2. For each API Key:

    1. Check the date under Creation date.

    2. If the key is over 90 days old, click the name of they key or the EDIT button.

    3. At the top of the page, click the REGENERATE KEY button.

    4. Click REPLACE KEY.

Note: To ensure your applications continue working uninterrupted, remember to update them to use the new API key. The old API key will only continue to work for 24 hours before it is permanently deactivated.

Reference: 

https://cloud.google.com/docs/authentication/api-keys