🐚 GTFOBins πŸͺŸ LOLBAS πŸ’Ύ Compiled Binaries 🩸 BloodHound 🩸 bloodyAD πŸ“œ Certipy ☁️ Cloud ⚑ goexec πŸ€– HackTricks πŸ”Œ HardwareATT πŸ“¦ Impacket 🏰 InternalATT πŸ”€ Ligolo-ng 🐱 Mimikatz πŸ’£ msfvenom πŸ”§ NetExec πŸ€– OSAI πŸ’₯ PATT 🍳 Recipes 🎟️ Rubeus 🐍 Sliver
☁️ HackTricks Cloud / GCP - Secretmanager Privesc

GCP - Secretmanager Privesc

{{#include ../../../banners/hacktricks-training.md}}

secretmanager

For more information about secretmanager:

{{#ref}}
../gcp-services/gcp-secrets-manager-enum.md
{{#endref}}

secretmanager.versions.access

This give you access to read the secrets from the secret manager and maybe this could help to escalate privielegs (depending on which information is sotred inside the secret):

Get clear-text secret version 
# Get clear-text of version 1 of secret: "<secret name>"
gcloud secrets versions access 1 --secret="<secret_name>"

As this is also a post exploitation technique it can be found in:

{{#ref}}
../gcp-post-exploitation/gcp-secretmanager-post-exploitation.md
{{#endref}}

secretmanager.secrets.setIamPolicy

This give you access to give you access to read the secrets from the secret manager, like using:

Add IAM policy binding to secret 
gcloud secrets add-iam-policy-binding <scret-name> \
  --member="serviceAccount:<sa-name>@$PROJECT_ID.iam.gserviceaccount.com" \
  --role="roles/secretmanager.secretAccessor"
Or revoke policies with: 
gcloud secrets remove-iam-policy-binding <secret-name> \
--member="serviceAccount:<sa-name>@<PROJECT_ID>.iam.gserviceaccount.com" \
  --role="roles/secretmanager.secretAccessor"

{{#include ../../../banners/hacktricks-training.md}}