GCP

KMS Rotation Audit

Cloud KMS keys with rotation period, last-rotated date and overdue flag.

Tier Explorer

Category Security & Identity

Refresh every 60 min

Scope project-wide

Live preview — demo data

Same idea on another cloud

AWS Key & Secret Rotation Azure Key Vault Rotation Audit

What this pane shows

Cloud KMS keys with their rotation period, last-rotated timestamp, current state and IAM bindings. Keys past their rotation interval (overdue) and keys with no rotation configured are surfaced first.

Key use cases

Identify production keys that have never been rotated.
Audit customer-managed key rotation coverage for compliance.
Find KMS keys with overly-broad encrypt / decrypt permissions.
Plan rotation work after a credential exposure incident.

How to embed

Drop this snippet on any HTML page that loads lp-embed.js. The pane mounts itself wherever the matching <div> is in the DOM.

<div class="lp-gcp-kms-rotation-panel"
     data-lp-account="<your-account-alias>"></div>
<script src="https://lightpane.io/embed/lp-embed.js"
        data-lp-key="<your-access-key>"></script>
<script src="https://lightpane.io/_pane-tests/gcp/kms-rotation/kms-rotation.js"
        defer></script>

Tier

Available on Explorer and above.

Build notes

No outstanding build notes.