Effective June 17, 2024, Cloud Source Repositories isn't available to new customers. If your organization hasn't previously used Cloud Source Repositories, you can't enable the API or use Cloud Source Repositories. New projects not connected to an organization can't enable the Cloud Source Repositories API. Organizations that have used Cloud Source Repositories prior to June 17, 2024 are not affected by this change.
Stay organized with collectionsSave and categorize content based on your preferences.
You should never store security keys in a version-control system.
Cloud Source Repositories can help you prevent users from storing security keys in a
Google Cloud repository. Cloud Source Repositories
can check for the following types of security keys:
Google Cloud service account credentials (JSON format)
PEM-encoded private keys (including RSA, DSA, and PGP)
This checking feature is available for all repositories at no charge.
How the security-key checking feature works
When a user executes agit pushcommand, the checking feature looks for data
that might be a security key. If a match is found, the feature blocks thegitpush and notifies users what was found and where. For example:
The push has been rejected because we detect that it contains a private key.
Please check the following commands and confirm that it's intentional:
git show [COMMIT]
You can use `git rev-list --objects --all` to find the files.
To push these files, please run `git push -o nokeycheck`.
Before you begin
In the Google Cloud console, on the project selector page,
select or create a Google Cloud project.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[],[],null,["# Detecting security keys\n\nYou should never store security keys in a version-control system.\nCloud Source Repositories can help you prevent users from storing security keys in a\nGoogle Cloud repository. Cloud Source Repositories\ncan check for the following types of security keys:\n\n- Google Cloud service account credentials (JSON format)\n- PEM-encoded private keys (including RSA, DSA, and PGP)\n\nThis checking feature is available for all repositories at no charge.\n\nHow the security-key checking feature works\n-------------------------------------------\n\nWhen a user executes a `git push` command, the checking feature looks for data\nthat might be a security key. If a match is found, the feature blocks the `git`\npush and notifies users what was found and where. For example: \n\n```\nThe push has been rejected because we detect that it contains a private key.\nPlease check the following commands and confirm that it's intentional:\n\ngit show [COMMIT]\n\nYou can use `git rev-list --objects --all` to find the files.\n\nTo push these files, please run `git push -o nokeycheck`.\n```\n| **Note:** To help store security keys more securely, consider using [Cloud Key Management Service](/kms/docs/store-secrets).\n\nBefore you begin\n----------------\n\n\nIn the Google Cloud console, on the project selector page,\nselect or create a Google Cloud project.\n| **Note**: If you don't plan to keep the resources that you create in this procedure, create a project instead of selecting an existing project. After you finish these steps, you can delete the project, removing all resources associated with the project.\n\n[Go to project selector](https://console.cloud.google.com/projectselector2/home/dashboard)\n\n\u003cbr /\u003e\n\n\u003cbr /\u003e\n\nDisable security key detection\n------------------------------\n\nTo disable security key detection, use the following `gcloud` command: \n\n gcloud init\n gcloud source project-configs update --disable-pushblock\n\nEnable security key detection\n-----------------------------\n\nTo enable private key detection, use the following `gcloud` command: \n\n gcloud init\n gcloud source project-configs update --enable-pushblock\n\nOverride security key detection\n-------------------------------\n\nTo override the security key detection feature, use the following `git`\ncommand: \n\n git push -o nokeycheck\n\nWhat's next\n-----------\n\nAfter you set up a Google Cloud repository, you might find the following\ntopics helpful:\n\n- [Controlling access to repositories](/source-repositories/docs/configure-access-control)\n- [Using the source browser](/source-repositories/docs/using-source-browser)"]]
