Assigned
Status Update
Comments
vi...@google.com <vi...@google.com> #2
Thanks for the report. I will route this to the appropriate internal team and update this when I hear back from them.
No update yet.
Description
This will create a feature request which anybody can view and comment on.
Please describe your requested enhancement. Good feature requests will solve common problems or enable new use cases.
What you would like to accomplish:
As an IAM admin, I would like to visually distinguish between multiple valid generated keys in the IAM > Service Account Details > Keys section for security/housekeeping purposes, so that I can tell whether we need to keep the key or delete it, periodically or after an employee moves on from the organization.
How this might work:
A label field in the key's JSON allows the user who generates the key to add pertinent details, like owner:janedoe@derp.com. This field could be a free text field, or could also be an immutable field that is hard-coded to the UID of the key creator.
The problem that this solves:
Currently, the only person who is guaranteed to have the contents of the generated JSON file is the person who did the key creation, and there is no way for an IAM admin to know who's using which keys. This makes for problematic auditing and housekeeping.