apikeyscan is a standalone Go command-line tool that lists all Google Cloud API keys within a specified project, prioritizing the immediate visibility of unrestricted, high-risk keys.
Key Features
- Security by Default: Unrestricted API keys are sorted to the top of the list so they can be immediately identified, and raw key strings are safely truncated.
- Agent-First Interoperability: Implements a persistent
--jsonflag to output deterministic JSON arrays and objects suitable for CI/CD,jq, or AI agent parsing. - Semantic Styling: Uses
lipglossfor Tufte-inspired, semantic UI coloring that degrades gracefully when piped to files or ifNO_COLORis set. - Flexible Auth & Configuration: Uses Application Default Credentials (ADC) and evaluates GCP Project IDs through a robust fallback chain (flag -> env var ->
.env-> ADC).
Built as a lightweight, independent utility bypassing the need for gcloud during execution.