1. GCP - Search Creds

GCP - Where Credentials Can Be Found

Service	Credential Type	Location	Extraction Method
GCP Metadata Server	Temporary IAM Tokens	`http://169.254.169.254/computeMetadata/v1/`	`curl` with header `Metadata-Flavor: Google`
Secret Manager	API Keys, Secrets	GCP-managed secret store	`gcloud secrets versions access`
Cloud Functions	Environment Variables	Function configurations	`gcloud functions describe`
Cloud Run Services	Environment Variables	Runtime settings	`gcloud run services describe`
Cloud Build	Hardcoded Secrets	Build configurations (`cloudbuild.yaml`)	Search project files
Cloud Source Repositories	Hardcoded API Keys	Git Repositories	`git grep`, manual code inspection
GCS Buckets	Config Files, Tokens	JSON, YAML, TF files	`gsutil cp` or `gcloud storage cp`
App Engine	App Environment Variables	App settings	`gcloud app describe`
Stackdriver Logging	Sensitive Log Data	Cloud Logs	Query logs for leaked secrets

Service	Default Exposure	Public Endpoint Example	Notes
GCS (Cloud Storage)	Optional	`https://storage.googleapis.com/<bucket>/<object>`	Buckets can be made public, often unintentionally.
App Engine	Public (default)	`https://<project>.appspot.com/`	Public unless firewall rules or IAP enforced.
Cloud Run	Optional	`https://<service>-<hash>.a.run.app`	Public unless "internal" or "authenticated" access set.
Cloud Functions	Public (default)	`https://<region>-<project>.cloudfunctions.net/<function>`	Protect using IAM or token-based auth.
GKE (Kubernetes)	Optional	`https://<ip>:<port>` (Ingress/Load Balancer)	Exposed via LB/IP if not restricted.
Cloud SQL	Public (if enabled)	IP address via authorized networks	Use private IP or Cloud SQL Proxy to avoid public exposure.
Cloud Endpoints	Public	`https://<api>.endpoints.<project>.cloud.goog/`	API gateway for services; access control configurable.
Cloud CDN	Public	`https://<cdn>.cdn.googleapis.com/`	Designed to be public-facing for web delivery.