Aqua CSPM

Key Rotation

Quick Info

Plugin Title: Key Rotation
Cloud: GOOGLE
Category: Cryptographic Keys
Description: Ensures cryptographic keys are set to rotate on a regular schedule
More Info: All cryptographic keys should have key rotation enabled. Google will handle the rotation of the encryption key itself, as well as storage of previous keys, so previous data does not need to be re-encrypted before the rotation occurs.
GOOGLE Link: https://cloud.google.com/vpc/docs/using-cryptoKeys
Recommended Action: Ensure that cryptographic keys are set to rotate.

Detailed Remediation Steps

  1. Log in to the Google Cloud Platform Console.
  2. Scroll down the left navigation panel and select the “Cryptographic keys” option under “Security”.
  3. On the “Cryptographic keys” page, click the key's name (shown as a link in the “Name” column) to access the key.
  4. On the “Cryptographic keys- Edit” page, check whether the cryptographic key is set to rotate on a regular schedule.
  5. Repeat steps 2 - 4 to check the other cryptographic keys in the account.
  6. Navigate to “Security” on the left navigation panel, select the “Cryptographic keys” option and select the cryptographic key in question.
  7. Click the 3 dots at the extreme right, choose the “Edit rotation period” option, change the rotation period to 90 days, and click the “Save” button to apply the change.
  8. Repeat steps 6 - 7 to ensure that all cryptographic keys are set to rotate.
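
The check in steps 1 - 5 can also be run over a whole key ring at once. The script below is an added example, not Aqua's plugin code: it assumes input in the JSON shape produced by `gcloud kms keys list --format=json`, and the project, key ring and key names in the sample are constructed placeholders.

```python
import json

MAX_ROTATION_DAYS = 90  # rotation period used in the remediation steps above

# Constructed sample shaped like the output of
#   gcloud kms keys list --keyring=KEYRING --location=LOCATION --format=json
# The project, key ring and key names are placeholders.
PREFIX = "projects/example-project/locations/global/keyRings/example-ring/cryptoKeys/"
SAMPLE_KEYS_JSON = json.dumps([
    {"name": PREFIX + "rotated-90d", "purpose": "ENCRYPT_DECRYPT",
     "rotationPeriod": "7776000s", "nextRotationTime": "2030-01-01T00:00:00Z"},
    {"name": PREFIX + "rotated-365d", "purpose": "ENCRYPT_DECRYPT",
     "rotationPeriod": "31536000s", "nextRotationTime": "2030-01-01T00:00:00Z"},
    {"name": PREFIX + "never-rotated", "purpose": "ENCRYPT_DECRYPT"},
    {"name": PREFIX + "signing-key", "purpose": "ASYMMETRIC_SIGN"},
])


def rotation_days(key):
    """Return the key's rotation period in days, or None if no schedule is set."""
    period = key.get("rotationPeriod")
    if not period:
        return None
    # Durations are serialized as seconds with an "s" suffix, e.g. "7776000s".
    return float(period.rstrip("s")) / 86400


def audit_keys(keys_json, max_days=MAX_ROTATION_DAYS):
    """Map each key's short name to a (status, detail) tuple."""
    results = {}
    for key in json.loads(keys_json):
        short_name = key["name"].rsplit("/", 1)[-1]
        days = rotation_days(key)
        if key.get("purpose") != "ENCRYPT_DECRYPT":
            # Cloud KMS rotates only symmetric encryption keys automatically.
            results[short_name] = ("MANUAL", "no automatic rotation for this purpose")
        elif days is None:
            results[short_name] = ("FAIL", "no rotation schedule set")
        elif days > max_days:
            results[short_name] = ("FAIL", f"rotates every {days:g} days, limit is {max_days}")
        else:
            results[short_name] = ("PASS", f"rotates every {days:g} days")
    return results


if __name__ == "__main__":
    for name, (status, detail) in audit_keys(SAMPLE_KEYS_JSON).items():
        print(f"{status:6} {name}: {detail}")
```

Keys reported as MANUAL have a purpose other than symmetric encryption, so the “Edit rotation period” setting does not apply to them and new versions have to be created by hand.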