gcp-kms-and-secrets-management-enum.md

File metadata and controls

75 lines (51 loc) · 3.98 KB

GCP - KMS and Secrets Management Enum

Support HackTricks and get benefits!

KMS

Cloud Key Management Service is a repository for storing cryptographic keys, such as those used to encrypt and decrypt sensitive files. Individual keys are stored in key rings, and granular permissions can be applied at either level.

If you have permission to list the keys, this is how you can enumerate and use them:

```bash
# List the global keyrings available
gcloud kms keyrings list --location global
gcloud kms keyrings get-iam-policy <KEYRING>

# List the keys inside a keyring
gcloud kms keys list --keyring <KEYRING> --location <global/other_locations>
gcloud kms keys get-iam-policy <KEY>

# Decrypt a file using one of your keys
gcloud kms decrypt --ciphertext-file=[INFILE] \
    --plaintext-file=[OUTFILE] \
    --key [KEY] \
    --keyring [KEYRING] \
    --location global
```

Secrets Management

Google Secrets Management is a vault-like solution for storing passwords, API keys, certificates, and other sensitive data. As of this writing, it is currently in beta.

```bash
# First, list the entries
gcloud secrets list
gcloud secrets get-iam-policy <secret>

# Then, pull the clear-text of any secret
gcloud secrets versions access 1 --secret="[SECRET NAME]"
```

Note that every change to a secret creates a new version, so it's worth replacing the 1 in the command above with 2, 3 and so on.
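From the defender's side, every `gcloud kms decrypt` and `gcloud secrets versions access` call from the two sections above lands in Cloud Audit Logs as a Data Access entry (these logs are not enabled by default for either service, so turn them on first). The following added example, not part of the original page, triages such entries and flags a principal that touches several distinct secrets or keys inside a short window, the pattern the enumeration above produces; the method-name strings and the sample log entries are assumptions constructed for the demo, so check them against your own project's logs.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WATCHED_METHODS = ("AccessSecretVersion", "Decrypt")  # matched on the last dotted part of methodName
# Assumed fully-qualified method names; verify them against your own project's audit logs.
SM = "google.cloud.secretmanager.v1.SecretManagerService.AccessSecretVersion"
KMS = "google.cloud.kms.v1.KeyManagementService.Decrypt"

def entry(ts, principal, method, resource):
    """Build a constructed log entry trimmed to the fields this check reads."""
    return {"timestamp": ts, "protoPayload": {"methodName": method,
            "authenticationInfo": {"principalEmail": principal}, "resourceName": resource}}

# Constructed sample log: alice reads three secrets (one across two versions) plus a key.
SAMPLE_LOG = [
    entry("2024-01-01T12:00:00Z", "alice@example.com", SM, "projects/demo/secrets/db-pass/versions/1"),
    entry("2024-01-01T12:00:02Z", "alice@example.com", SM, "projects/demo/secrets/db-pass/versions/2"),
    entry("2024-01-01T12:00:05Z", "alice@example.com", SM, "projects/demo/secrets/api-key/versions/1"),
    entry("2024-01-01T12:00:09Z", "alice@example.com", SM, "projects/demo/secrets/tls-cert/versions/1"),
    entry("2024-01-01T12:00:30Z", "alice@example.com", KMS, "projects/demo/locations/global/keyRings/kr/cryptoKeys/k1"),
    entry("2024-01-01T12:00:00Z", "bob@example.com", SM, "projects/demo/secrets/db-pass/versions/1"),
    entry("2024-01-01T12:00:00Z", "app@demo.iam.gserviceaccount.com", KMS, "projects/demo/locations/global/keyRings/kr/cryptoKeys/k1"),
    entry("2024-01-01T12:05:00Z", "app@demo.iam.gserviceaccount.com", KMS, "projects/demo/locations/global/keyRings/kr/cryptoKeys/k1"),
    entry("2024-01-01T12:00:00Z", "carol@example.com", SM.replace("AccessSecretVersion", "ListSecrets"), "projects/demo"),
]

def normalize(resource):
    """Collapse secret versions onto the parent secret so v1, v2, v3 count once."""
    return resource.split("/versions/")[0]

def parse(entries):
    """Group (timestamp, resource) pairs of watched data-access calls by principal, sorted by time."""
    by_principal = defaultdict(list)
    for e in entries:
        p = e["protoPayload"]
        if p.get("methodName", "").rsplit(".", 1)[-1] not in WATCHED_METHODS:
            continue  # list/admin calls and other services are not counted here
        ts = datetime.fromisoformat(e["timestamp"].replace("Z", "+00:00"))
        by_principal[p["authenticationInfo"]["principalEmail"]].append((ts, normalize(p["resourceName"])))
    return {who: sorted(evs) for who, evs in by_principal.items()}

def find_bulk_readers(entries, window=timedelta(minutes=10), threshold=3):
    """Map principal -> distinct secrets/keys touched, for principals hitting >= threshold in one window."""
    flagged = {}
    for who, evs in parse(entries).items():
        for i, (start, _) in enumerate(evs):  # sliding window anchored at each event
            seen = {res for ts, res in evs[i:] if ts - start <= window}
            if len(seen) >= threshold:
                flagged[who] = sorted(seen)
                break
    return flagged
```

A service account decrypting with the same key on a schedule (app above) stays under the threshold, while a principal walking many different secrets and keys in one sitting is what gets surfaced for review.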

Privesc

The following page covers how secretmanager permissions can be abused to escalate privileges:

{% content-ref url="../gcp-privilege-escalation/gcp-secretmanager-privesc.md" %} gcp-secretmanager-privesc.md {% endcontent-ref %}
