Google API Keys Remain Active for 23 Minutes After Deletion, Security Researchers Warn

Saran K | May 23, 2026 | 4 min read

The Ghost in the Machine

For a developer, the moment a secret API key leaks into a public repository is a race against time. The standard protocol is immediate: delete the key, rotate the credentials, and pray that no automated bot has already scraped the token. However, new research from the security firm Aikido suggests that clicking ‘delete’ in the Google Cloud Console does not actually stop the bleeding immediately.

In a series of tests, Aikido researchers discovered a substantial propagation delay in Google’s infrastructure. While a user may see the key as deleted in their dashboard, the credential can remain functional for up to 23 minutes across various global servers. This window provides a critical opportunity for attackers to exfiltrate sensitive data or trigger massive financial losses before the revocation fully syncs.

Measuring the Revocation Gap

To quantify the risk, Joseph Leon and his team at Aikido conducted ten trials over two days. The process was straightforward: create an API key, delete it, and immediately begin hammering Google’s servers with three to five authenticated requests per second until every single request was rejected.

The results revealed a chaotic inconsistency. Some servers rejected the defunct keys within seconds, while others continued to authenticate requests for nearly half an hour. Because of how Google routes traffic, an attacker can simply keep sending high-volume requests, effectively “hunting” for the servers that haven’t yet received the deletion update.

The research wasn’t limited to a single geography. Using virtual machines across the US East Coast, Western Europe, and Southeast Asia, the team found that the lag persisted regardless of region, though the speed of propagation varied unpredictably. Interestingly, VMs further from the US sometimes picked up the deletion faster, suggesting a complex internal routing and caching mechanism that prioritizes different nodes over others.
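The measurement loop described above, written out as an added example (this is not Aikido’s tooling or Google’s code): poll an endpoint with a just-deleted key at a fixed rate and record when the last request was still accepted, stopping only after a long run of consecutive rejections, since a single “denied” response does not mean every server has caught up. The `probe(key) -> bool` callable, the `SimulatedBackend` (a constructed pool of servers that learn of the deletion at different times) and the `FakeClock` are assumptions made so the block runs offline; against a real endpoint, `probe` would wrap an authenticated HTTP call and return whether it succeeded.

```python
"""Revocation-gap probe (added example, not Aikido's tooling).

Keeps calling a ``probe(key) -> bool`` callable with a key that has just
been deleted, at a fixed request rate, until the key has been rejected
``quiet_rejections`` times in a row. It records when the last request was
still accepted, which is the number a team should treat as the real
revocation time. A SimulatedBackend stands in for a pool of servers that
learn of the deletion at different times, so the block runs offline.
"""
import time


def measure_revocation_gap(probe, key, *, rate_hz=4.0, quiet_rejections=20,
                           max_seconds=1800.0, clock=time.monotonic,
                           sleep=time.sleep):
    """Poll ``probe`` until it has rejected ``key`` ``quiet_rejections``
    times consecutively or ``max_seconds`` have elapsed.

    Returns a dict with:
      last_accepted_s  seconds after start of the last accepted request
                       (None if no request was ever accepted)
      requests         total requests sent
      accepted         how many were accepted
      fully_revoked    True if the run ended on a quiet streak rather
                       than on the time limit
    """
    interval = 1.0 / rate_hz
    start = clock()
    last_accepted = None
    accepted = 0
    requests = 0
    streak = 0
    fully_revoked = False
    while clock() - start < max_seconds:
        ok = probe(key)
        requests += 1
        if ok:
            accepted += 1
            last_accepted = clock() - start
            streak = 0  # one acceptance resets the quiet streak: not revoked yet
        else:
            streak += 1
            if streak >= quiet_rejections:
                fully_revoked = True
                break
        sleep(interval)
    return {"last_accepted_s": last_accepted, "requests": requests,
            "accepted": accepted, "fully_revoked": fully_revoked}


class FakeClock:
    """Deterministic clock so the simulation does not really sleep."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def sleep(self, seconds):
        self.now += seconds


class SimulatedBackend:
    """Constructed stand-in for a fleet of API servers (an assumption).

    Each server learns of the deletion ``delay`` seconds after it happened
    and accepts the key until then. Requests are routed round-robin, which
    is enough to show that the slowest server sets the real revocation time.
    Real routing is opaque to the client; this is a simplification.
    """

    def __init__(self, propagation_delays, clock, deleted_at=0.0):
        self.delays = list(propagation_delays)
        self.clock = clock
        self.deleted_at = deleted_at
        self._next = 0

    def probe(self, key):
        server = self._next % len(self.delays)
        self._next += 1
        # This server still honours the key until its own copy of the
        # deletion arrives.
        return self.clock() < self.deleted_at + self.delays[server]


def run_simulation():
    """Three servers propagating the deletion in 0.5 s, 3 s and 12 s,
    probed at 4 requests/second (constructed values)."""
    clock = FakeClock()
    backend = SimulatedBackend([0.5, 3.0, 12.0], clock)
    return measure_revocation_gap(backend.probe, "constructed-deleted-key",
                                  rate_hz=4.0, quiet_rejections=20,
                                  clock=clock, sleep=clock.sleep)


if __name__ == "__main__":
    print(run_simulation())
```

In the simulation the last accepted request lands at 11.75 s even though two of the three servers stopped honouring the key within 3 s, which is the point of the measurement: the revocation time that matters is the slowest server's, not the first rejection seen. The `quiet_rejections` threshold encodes the researchers' “until every single request was rejected” criterion; pick it large enough that, at your request rate, every server in the pool is likely to have been hit at least once.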

The Gemini Connection and the ‘Billing Trap’

The danger is particularly acute for those using Google’s Gemini AI models. If an attacker gains access to a key scoped for Gemini, they can potentially dump uploaded files and exfiltrate cached context from conversations. But the more immediate threat for many is the financial impact.

Google recently overhauled its billing policies to include spending tiers. While designed to help users manage costs, the system can automatically upgrade a user’s spending tier without explicit notification if usage spikes. For accounts with a history of spending over $1,000, a cap can jump from $250 to $100,000 in a matter of minutes.

This creates a perfect storm: a leaked key is used by a bot to run expensive Gemini Nano or Veo 3 tasks, the spending tier automatically scales up to accommodate the surge, and the developer—even while frantically deleting the key—watches their bill climb by five figures in real time. In some reported cases, developers saw bills rocket to $154,000 before Google eventually issued refunds.

Google’s Stance: ‘Working as Intended’

The technical ability to fix this is evident within Google’s own ecosystem. Leon noted that service account API credentials typically propagate deletions in about five seconds, and the newer “AQ” formatted keys for Gemini propagate in roughly one minute. Both systems operate at the same scale as the legacy API keys currently suffering from the 23-minute lag.

Despite the evidence, Google appears unmoved. When Aikido reported the findings, Google closed the ticket as “Won’t Fix (Infeasible),” stating that the propagation delay is “working as intended.”

For developers, the takeaway is a stark reminder that administrative dashboards are often an abstraction of reality. The gap between a “deleted” status in a UI and a “denied” response from a server is where the most significant damage occurs.
