Disks should be encrypted with customer managed encryption keys
Using unmanaged keys makes rotation and general management difficult.
Impact
Using unmanaged keys does not allow for proper key management.
Recommended Actions
Follow the appropriate remediation steps below to resolve the issue.
Use managed keys to encrypt disks.
resource "google_compute_disk" "good_example" {
  name  = "test-disk"
  type  = "pd-ssd"
  zone  = "us-central1-a"
  image = "debian-9-stretch-v20200805"
  labels = {
    environment = "dev"
  }
  physical_block_size_bytes = 4096

  # Customer-managed key: "something" is a placeholder for the
  # self link of the Cloud KMS key that encrypts this disk.
  disk_encryption_key {
    kms_key_self_link = "something"
  }
}
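An added example, not part of the original page or the project's own code: one way to replace the "something" placeholder with a real Cloud KMS key that rotates automatically and that Compute Engine is allowed to use. The resource names, key names and the 90-day rotation period are assumptions chosen for illustration.

```hcl
# Looks up the current project so its number can be used below.
data "google_project" "current" {}

# The key ring must be in the same region as the disk (or "global").
resource "google_kms_key_ring" "disks" {
  name     = "disk-keys" # assumed name
  location = "us-central1"
}

resource "google_kms_crypto_key" "disk" {
  name     = "compute-disk-key" # assumed name
  key_ring = google_kms_key_ring.disks.id

  # Automatic rotation; 7776000s = 90 days (assumed policy).
  rotation_period = "7776000s"

  # Destroying the key makes every disk encrypted with it unreadable.
  lifecycle {
    prevent_destroy = true
  }
}

# The Compute Engine service agent needs encrypt/decrypt rights on
# the key, otherwise disk creation fails.
resource "google_kms_crypto_key_iam_member" "compute_agent" {
  crypto_key_id = google_kms_crypto_key.disk.id
  role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
  member        = "serviceAccount:service-${data.google_project.current.number}@compute-system.iam.gserviceaccount.com"
}

resource "google_compute_disk" "cmek_example" {
  name = "test-disk"
  type = "pd-ssd"
  zone = "us-central1-a"

  disk_encryption_key {
    kms_key_self_link = google_kms_crypto_key.disk.id
  }

  # Create the IAM grant before the disk tries to use the key.
  depends_on = [google_kms_crypto_key_iam_member.compute_agent]
}
```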