Last updated
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Find more information about Secret Manager in:
An attacker could update the secret to:
Stop rotations so the secret won't be modified
Make rotations much less often so the secret won't be modified
Publish the rotation message to a different pub/sub
Modify the rotation code being executed. This happens in a different service, probably in a Cloud Function, so the attacker will need privileged access over the Cloud Function or any other service.
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
