I'm reviewing security on my hosting infrastructure, which is based on Google VMs, SQL and Cloud Storage. It seems to me that the following scenario is a risk:
- I use gcloud or gsutil on my MacOS laptop, which stores my sign-in credentials so that it doesn't ask for them every time I use one of these utilities.
- Someone steals my laptop (very possible)
- By whatever means, the thief succeeds in signing in as me (less likely, but not impossible)
- The thief can now run gcloud or gsutil and do more or less whatever damage they want to my web hosting.
This possibility seems plausible to me, and could be catastrophic.
Can anyone think of a good way to reduce this risk? For example, a way of managing security so that I am challenged to provide credentials whenever my laptop reboots or exits from sleep, but not on every single command?
(I've also asked this question as a support case with Google)