sensitive-file/gcp-service-account
GCP service-account key
critical · Sensitive file · sensitive-file
What it detects
Google Cloud service-account JSON key. Usually grants broad, long-lived project access.
Remediation
Revoke the key from IAM, delete the file, and switch to workload-identity or short-lived tokens.
How it runs
Path / basename / content-header match. No content body is stored — only the path.
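An added example (not the scanner's own code) tying the content match to the remediation step: it recognises a service-account key by its JSON fields and builds the `gcloud` command that deletes exactly that key in IAM, reading only the non-secret `private_key_id`, `client_email` and `project_id`. The function names are hypothetical and both sample documents are constructed placeholders.

```python
import json
import shlex

# Fields of a user-managed service-account key file that the check relies on.
REQUIRED = ("project_id", "private_key_id", "private_key", "client_email")

def inspect_key(text):
    """Return non-secret identifiers if text is a service-account key, else None."""
    try:
        doc = json.loads(text)
    except ValueError:
        return None
    if not isinstance(doc, dict) or doc.get("type") != "service_account":
        return None
    if any(not isinstance(doc.get(k), str) or not doc[k] for k in REQUIRED):
        return None
    if "PRIVATE KEY-----" not in doc["private_key"]:
        return None
    # The private key itself is never copied out of the document.
    return {k: doc[k] for k in ("project_id", "private_key_id", "client_email")}

def revoke_command(meta):
    """argv for deleting (revoking) exactly this key in IAM."""
    return ["gcloud", "iam", "service-accounts", "keys", "delete",
            meta["private_key_id"],
            "--iam-account=" + meta["client_email"],
            "--project=" + meta["project_id"]]

# Constructed samples: placeholder values, no real key material.
SAMPLE_KEY = json.dumps({
    "type": "service_account",
    "project_id": "example-project",
    "private_key_id": "0000000000000000000000000000000000000000",
    "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
    "client_email": "ci-bot@example-project.iam.gserviceaccount.com",
})
SAMPLE_USER_CRED = json.dumps({"type": "authorized_user", "client_id": "x",
                               "refresh_token": "PLACEHOLDER"})

if __name__ == "__main__":
    for name, text in (("key.json", SAMPLE_KEY), ("adc.json", SAMPLE_USER_CRED)):
        meta = inspect_key(text)
        if meta:
            print(name, "->", shlex.join(revoke_command(meta)))
        else:
            print(name, "-> not a service-account key")
```

Deleting the file from the working tree does not remove it from Git history, which is why the key is revoked in IAM first.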
Found a false positive or want this rule tuned? File an issue. You can also suppress per-repo via a .repoguardignore line.