Code Monkey home page Code Monkey logo

galactus's Introduction

Galactus - unused GCP Service Account/Key detector

This script uses GCP's Policy Analyzer feature to detect unused Service Accounts (SA) or Service Account Keys (SAK).

Prerequisites

Script arguments

$ ./galactus --help
usage: galactus [-h] -p PROJECT -a ACTIVITY_TYPE [-l LIMIT] -t THRESHOLD [-d]

Unused GCP Service Account and Key detector

options:
  -h, --help            show this help message and exit
  -p PROJECT, --project PROJECT
                        GCP Project name
  -a ACTIVITY_TYPE, --activity-type ACTIVITY_TYPE
                        Activity type (serviceAccountLastAuthentication / serviceAccountKeyLastAuthentication)
  -l LIMIT, --limit LIMIT
                        Result limit
  -t THRESHOLD, --threshold THRESHOLD
                        Date threshold in format "%Y-%m-%dT%H:%M:%SZ"
  -d, --debug           Enable debug logging

Using environment variables

The following environment variable can be used instead of command line arguments (arguments take precedence):

  • GCP_PROJECT - instead of -p/--project
  • ACTIVITY_TYPE - instead of -a/--activity-type
  • THRESHOLD - instead of -t/--threshold
  • DEBUG - instead of -d/--debug

Examples

Find SA that were not used since before 1.5.2022:

$ ./galactus -p test-eyal -t 2022-05-01T00:00:00Z -a serviceAccountLastAuthentication
2022-07-15 17:35:25,078 - INFO - //iam.googleapis.com/projects/test-eyal/serviceAccounts/[email protected] - last used 2022-02-28T08:00:00Z

Find SAK that were not used since before 28.2.2022 at 10AM:

$ ./galactus -p test-eyal -t 2022-02-28T10:00:00Z -a serviceAccountKeyLastAuthentication
2022-07-15 17:36:52,823 - INFO - //iam.googleapis.com/projects/test-eyal/serviceAccounts/[email protected]/keys/b2edfc3fc441c9937c0c2e0da2b1345d57a02abb - last used 2022-02-28T08:00:00Z

Deploying to GKE

Example manifests can be found in the kustomize directory. Do the following before applying:

galactus's People

Contributors

eyalzek avatar

Stargazers

avatar avatar avatar avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.