GCP List Secrets in Secrets Manager

| Platform | Author | Last Update |
|----------|--------|-------------|
| gcp | Richard Slaney | 2023-07-01 |

An adversary may attempt to enumerate the secrets in Secrets Manager in order to find secrets to access.


Required Permissions

  • secretmanager.versions.list

Required Parameters

| Name | Type | Description | Example Value |
|------|------|-------------|---------------|
| project_id | str | ID of the project to list service accounts from | phrasal-crowbar-284615 |

Attacker Action

gcloud secrets list

Detection Case

ELK query

When logs are ingested into ELK, the following Lucene query can be used to identify relevant events.

eventName:ListSecrets AND eventSource:*  
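
The same detection applied directly to exported Cloud Audit Logs entries, as an added example that is not part of the original page. It assumes the raw `protoPayload.methodName` field rather than the `eventName` field used by the ELK query above; the log entries, principals and IP addresses are constructed.

```python
import json
from collections import defaultdict

# Full method name recorded in Cloud Audit Logs for the ListSecrets call.
LIST_SECRETS = "google.cloud.secretmanager.v1.SecretManagerService.ListSecrets"
PROJECT = "phrasal-crowbar-284615"  # example project ID taken from the page
SA = "sa-build@" + PROJECT + ".iam.gserviceaccount.com"  # constructed principal

def _entry(ts, method, principal, ip, code=0):
    """Build one constructed audit log entry (assumed, simplified shape)."""
    return {"timestamp": ts,
            "resource": {"labels": {"project_id": PROJECT}},
            "protoPayload": {"methodName": method,
                             "authenticationInfo": {"principalEmail": principal},
                             "requestMetadata": {"callerIp": ip},
                             "status": {"code": code} if code else {}}}

# Constructed sample log (not real data), one JSON object per line.
SAMPLE_LOG = "\n".join(json.dumps(e) for e in [
    _entry("2023-07-01T10:00:00Z", LIST_SECRETS, "dev@example.com", "203.0.113.10"),
    _entry("2023-07-01T10:00:05Z", LIST_SECRETS, "dev@example.com", "203.0.113.10"),
    _entry("2023-07-01T10:01:00Z", LIST_SECRETS, SA, "198.51.100.7", code=7),
    _entry("2023-07-01T10:02:00Z", LIST_SECRETS.replace("ListSecrets", "AccessSecretVersion"),
           "dev@example.com", "203.0.113.10"),
]) + "\nnot-json\n"

def find_list_secrets(lines):
    """Group ListSecrets calls by (principal, project), counting allowed and denied."""
    summary = defaultdict(lambda: {"allowed": 0, "denied": 0, "ips": set()})
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip lines that are not JSON log entries
        if not isinstance(entry, dict):
            continue
        payload = entry.get("protoPayload") or {}
        if payload.get("methodName") != LIST_SECRETS:
            continue
        principal = (payload.get("authenticationInfo") or {}).get("principalEmail", "unknown")
        project = ((entry.get("resource") or {}).get("labels") or {}).get("project_id", "unknown")
        # A non-zero status code (7 = PERMISSION_DENIED) marks a failed attempt.
        denied = (payload.get("status") or {}).get("code", 0) != 0
        record = summary[(principal, project)]
        record["denied" if denied else "allowed"] += 1
        record["ips"].add((payload.get("requestMetadata") or {}).get("callerIp", "unknown"))
    return dict(summary)

if __name__ == "__main__":
    for (who, proj), rec in find_list_secrets(SAMPLE_LOG.splitlines()).items():
        print(who, proj, rec["allowed"], rec["denied"], sorted(rec["ips"]))
```

ListSecrets is recorded as a Data Access (ADMIN_READ) audit log, so these entries exist only where Data Access audit logging is enabled for Secret Manager in the project.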

Sigma Definition