GCP
Service Account Audit
Every GCP service account with its keys, roles and how recently each key was used.
Live preview — demo data
Same idea on another cloud
What this pane shows
Per-service-account: display name, owned keys (with creation date, age, last-used timestamp), bound IAM roles. Service accounts with old keys, unused keys, or excessive role bindings are surfaced first.
Key use cases
- Rotate or delete service-account keys older than policy.
- Identify service accounts with unused keys (lower attack surface).
- Audit which service accounts hold privileged roles.
- Catch a service account with too-broad role bindings.
How to embed
Drop this snippet on any HTML page that loads lp-embed.js. The pane
mounts itself wherever the matching <div> is in the DOM.
<div class="lp-gcp-iam-sa-audit-panel"
data-lp-account="<your-account-alias>"></div>
<script src="https://lightpane.io/embed/lp-embed.js"
data-lp-key="<your-access-key>"></script>
<script src="https://lightpane.io/_pane-tests/gcp/iam-sa-audit/iam-sa-audit.js"
defer></script>
Tier
Available on Explorer and above.
Build notes
No outstanding build notes.