Techly NewsGet the app

Get the latest tech news

GCP CloudQuarry: Searching for Secrets in Public GCP Images


We scanned 8,400+ public GCP images and did not find a single exposed secret! That’s a dramatic reversal compared to the hundreds we found in AWS AMIs and dozens in Azure Public images. GCP’s curated, tightly- controlled image marketplace has seemingly eliminated secret exposure in its cloud images

The restriction to marketplace vendors and approved publishers likely contributes significantly to the absence of secrets in publicly available images, as these entities presumably undergo more rigorous vetting processes. This result highlights the effectiveness of GCP's validation policies and suggests that their curated approach to public images provides significant security benefits. We want to give a shoutout to Truffle Security for their initiative in supporting this research and for building TruffleHog, an amazing tool for secret detection that made this comprehensive analysis possible.

Get the Android app

Or read this on Hacker News

Read more on:

Photo of secrets

secrets

Photo of GCP

GCP

Photo of public gcp images

public gcp images

Related news:

News photo

SRAM Has No Chill: Exploiting Power Domain Separation to Steal On-Chip Secrets

News photo

The Secrets We Keep

News photo

YouTuber leaked iOS secrets via friend spying on dev's phone, Apple lawsuit claims

« Nvidia’s China-bound H20 AI chips face Beijing scrutiny over ‘tracking’ and security concerns
Magentic-UI: Towards Human-in-the-Loop Agentic Systems »