Revoke Google Cloud tokens discovered on GitLab.com public repositories
## Goal Protect users by sending any Google Cloud credentials found on GitLab.com public repositories to Google for handling. ## Details Google would like us to send them the following credentials when we detect them publicly accessible on GitLab.com: - Google Cloud service account keys - Google API keys - OAuth secrets (added later) They will provide API details to us, which we will record in confidential issue https://gitlab.com/gitlab-org/gitlab/-/issues/375195. ## Confidentiality See internal note: https://gitlab.com/groups/gitlab-org/-/epics/8835#note_1434684136 ## Materials - [Meeting notes (team members only)](https://docs.google.com/document/d/14DMAVQQFk6wy8ZVJgesPnz1QKa2wPP0TuWZZ1aJqkVI/edit#) - [Legal coordination issue (team members only)](https://gitlab.com/gitlab-com/legal-and-compliance/-/issues/1143) - Thread about when to announce this partnership: https://gitlab.com/groups/gitlab-org/-/epics/8835#note_1312777018
epic