GCP
KMS Rotation Audit
Cloud KMS keys with rotation period, last-rotated date and overdue flag.
Live preview — demo data
Same idea on another cloud
What this pane shows
Cloud KMS keys with their rotation period, last-rotated timestamp, current state and IAM bindings. Keys past their rotation interval (overdue) and keys with no rotation configured are surfaced first.
Key use cases
- Identify production keys that have never been rotated.
- Audit customer-managed key rotation coverage for compliance.
- Find KMS keys with overly-broad encrypt / decrypt permissions.
- Plan rotation work after a credential exposure incident.
How to embed
lp.js is the single-entry loader: it injects the shared LightPane runtime
(and sd-embed.css) once per page. Add this pane's own stylesheet and script;
the pane mounts itself wherever the matching <div> is in the DOM.
<!-- In <head> — this pane's stylesheet -->
<link rel="stylesheet" href="https://lightpane.io/_pane-tests/gcp/kms-rotation/kms-rotation.css">
<!-- Your access key (inline, or set window.lpEmbed.accessKey from your own JS) -->
<script>window.lpEmbed = { accessKey: "<your-access-key>" };</script>
<!-- Where the pane should appear -->
<div class="lp-gcp-kms-rotation-panel" data-lp-account="<your-account-alias>"></div>
<!-- Before </body> — shared loader + this pane's script -->
<script src="https://lightpane.io/embed/lp.js"></script>
<script src="https://lightpane.io/_pane-tests/gcp/kms-rotation/kms-rotation.js" defer></script>
Tier
Available on Explorer and above.
Build notes
No outstanding build notes.