The approaches make sense for teams with engineering resources to build internal tooling. The LLM gateway layer is smart — virtual keys with caps is exactly the right mental model. The hard part is most solo devs and small teams never get around to building that layer, which is where the incidents happen. We built CloudSentinel specifically for that gap — automatic revocation on raw request count, no internal tooling required. Happy to share more if useful.
After reading about a 3-person startup that received an $82,000 Gemini
API bill in 48 hours (normal monthly spend: $180), I started building
CloudSentinel.
The core problem: GCP has no native kill switch. Budget alerts send an
email. Quota limits throttle requests. Neither revokes a key
automatically. And billing data is delayed by hours — useless for
real-time protection.
The architecture:
CloudSentinel monitors raw API request count — updated in near
real-time. We create an Alerting Policy inside the user's own GCP
project using MQL. When the request threshold is crossed, Google fires
a Pub/Sub webhook to CloudSentinel. We receive it and revoke that exact
key automatically.
The security decision I'm most proud of:
Revoke-Only IAM model. The Custom IAM Role has three responsibilities:
- Read API key IDs and metadata (never key values)
- Create monitoring rules inside the user's project
- Revoke a specific key when a threshold is crossed
The permission apikeys.create is not in the role. Not restricted —
absent. Even if CloudSentinel is fully compromised, an attacker can
only remove access, never create keys or touch anything else.