
# Query Search

P0's environment query searches let you find specific IAM data across your cloud inventory.

A query search is built from two controls:

* **show** - controls which kind of data is displayed
* **where** - controls which items of that kind are shown

<figure><img src="/files/mKRu0Tm9XL7pZcO0OhNd" alt="Inventory query search bar with Show dropdown set to Grants and a Where field for entering search terms" width="563"><figcaption></figcaption></figure>

### Show control

Currently, you can choose to "show" credentials (access keys or short-term authentication), identities (users, groups, machine identities, and so forth), entitlements (in Google Cloud, a role binding; in AWS, a policy attachment), or resources (projects, accounts, services, and individual resources such as storage buckets).

### Where control

The "where" control is a free-form search box. You can enter any term here, and P0 will find the principals or grants that relate to your search term.

*Example*:

Searching for a permission (in this case `compute.instances.create` in a Google Cloud assessment) will show you all grants that provide that permission:

<figure><img src="/files/ZZUtoUBw9HdiIhqTLgVK" alt="Query results for compute.instances.create showing grants with principals, roles, resources, risk counts, and permission usage" width="563"><figcaption></figcaption></figure>

To see *why* a search result matches your query, you can click on that result's "view" link. The details page will show an "Explanation" section at the bottom, describing how that result satisfies your query:

<figure><img src="/files/Ms91LSv5o6PkESNVbpEr" alt="" width="563"><figcaption></figcaption></figure>

### Learn the query language

A free-form term gets you started, but you can be far more specific by writing query expressions. Two pages cover the full query language:

* [Query Language Basics](/inventory/query-search/query-language-basics.md) — a beginner-friendly walkthrough of the core search terms (`identity`, `credential`, `entitlement`, `risk`) and the operators that connect them. Start here if you're new to querying.
* [Search Reference](/inventory/query-search/search-reference.md) — the complete reference for every operator, search type, and attribute, with Cypher equivalents. Use it to look up specifics.

### Query examples

One of the best ways to learn how to construct queries is to look at the search queries behind P0's built-in assessment monitors.

For instance, here's the query for detecting unused service account keys:

`show = credential`

```
credential=enabledKey:"true"
credential=last40:"unused"
principal=type:"service-account"
principal=status:"active"
```

This returns every enabled key that belongs to an active service account and has not been used in the last 40 days. For the syntax behind each term, see the [Search Reference](/inventory/query-search/search-reference.md).
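To make concrete which keys the four terms select, the following added example (not P0 code and not part of the original page) parses the terms above and applies them to constructed key records. It assumes that all terms must match together and that `last40` is derived from a last-used date; the record field names and the `"used"` value are hypothetical.

```python
import re
from datetime import date, timedelta

# The monitor query from this page, one term per line.
QUERY = '''credential=enabledKey:"true"
credential=last40:"unused"
principal=type:"service-account"
principal=status:"active"'''
TERM = re.compile(r'^(\w+)=(\w+):"([^"]*)"$')

def parse_terms(query):
    """Split the query into (node, attribute, value) triples; reject malformed lines."""
    terms = []
    for line in query.strip().splitlines():
        m = TERM.match(line.strip())
        if not m:
            raise ValueError(f"unrecognized term: {line!r}")
        terms.append(m.groups())
    return terms

def to_attributes(rec, today):
    """Derive the attributes the terms test from a raw record (assumed derivation)."""
    last_used = rec["last_used"]  # None means the key has never been used
    stale = last_used is None or (today - last_used) > timedelta(days=40)
    return {
        "credential": {"enabledKey": str(rec["enabled"]).lower(),
                       "last40": "unused" if stale else "used"},  # "used" is a placeholder
        "principal": {"type": rec["principal_type"], "status": rec["principal_status"]},
    }

def matches(rec, terms, today):
    """Assumption: a record is returned only if every term holds (logical AND)."""
    attrs = to_attributes(rec, today)
    return all(attrs.get(node, {}).get(attr) == value for node, attr, value in terms)

# Constructed sample inventory; field names and values are hypothetical.
TODAY = date(2024, 6, 30)
FIELDS = ("id", "enabled", "last_used", "principal_type", "principal_status")
KEYS = [dict(zip(FIELDS, row)) for row in [
    ("key-a", True, date(2024, 3, 1), "service-account", "active"),     # stale: match
    ("key-b", True, None, "service-account", "active"),                 # never used: match
    ("key-c", True, date(2024, 6, 20), "service-account", "active"),    # used recently
    ("key-d", False, date(2024, 1, 15), "service-account", "active"),   # key disabled
    ("key-e", True, date(2024, 2, 1), "service-account", "disabled"),   # principal inactive
    ("key-f", True, date(2024, 2, 1), "user", "active"),                # not a service account
]]

def unused_keys(keys=KEYS, today=TODAY):
    return [k["id"] for k in keys if matches(k, parse_terms(QUERY), today)]
```

Only `key-a` and `key-b` are selected; each of the other records fails exactly one term, which shows what that term contributes to the monitor.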

### Query links

You can also construct queries using tooltips in the displayed data. To do this, hover over an item you want to either include or exclude from your search:

<figure><img src="/files/iaSvAiBwTFlj7vV907o6" alt="" width="563"><figcaption></figcaption></figure>

Select the corresponding "show" or "hide" link to either include or exclude that item in your search results.


