Cloud Storage buckets should be encrypted with a customer-managed key.
Using unmanaged keys makes rotation and general management difficult.
Impact
Using unmanaged keys does not allow for proper key management.
Recommended Actions
Follow the appropriate remediation steps below to resolve the issue.
Encrypt Cloud Storage buckets using customer-managed keys.
```hcl
resource "google_storage_bucket" "default" {
  name                        = "my-default-bucket"
  location                    = "EU"
  force_destroy               = true
  uniform_bucket_level_access = true

  # Customer-managed key used to encrypt every new object by default.
  # The key ring must be in the same location as the bucket (an EU
  # multi-region bucket needs a key in the "eu" multi-region), and the
  # Cloud Storage service agent needs roles/cloudkms.cryptoKeyEncrypterDecrypter
  # on the key before the bucket can use it.
  encryption {
    default_kms_key_name = "projects/my-pet-project/locations/eu/keyRings/my-key-ring/cryptoKeys/my-key"
  }
}
```
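To catch this misconfiguration before apply, the check below audits `terraform show -json` plan output for `google_storage_bucket` resources that have no `default_kms_key_name` or whose key lives in a different location than the bucket. It is an added example, not part of the original rule page; the plan document is a constructed sample and the `audit_plan` helper is hypothetical.

```python
import json
import re

# Cloud KMS key resource name: projects/P/locations/L/keyRings/R/cryptoKeys/K
KEY_LOCATION = re.compile(r"^projects/[^/]+/locations/([^/]+)/keyRings/[^/]+/cryptoKeys/[^/]+$")

# Constructed sample shaped like `terraform show -json plan.out` (not real project data).
SAMPLE_PLAN = json.dumps({"planned_values": {"root_module": {"resources": [
    {"address": "google_storage_bucket.default", "type": "google_storage_bucket",
     "values": {"name": "my-default-bucket", "location": "EU",
                "encryption": [{"default_kms_key_name":
                                "projects/my-pet-project/locations/eu/keyRings/my-key-ring/cryptoKeys/my-key"}]}},
    {"address": "google_storage_bucket.logs", "type": "google_storage_bucket",
     "values": {"name": "my-logs-bucket", "location": "US", "encryption": []}},
    {"address": "google_storage_bucket.mismatch", "type": "google_storage_bucket",
     "values": {"name": "my-eu-bucket", "location": "EU",
                "encryption": [{"default_kms_key_name":
                                "projects/my-pet-project/locations/us-east1/keyRings/my-key-ring/cryptoKeys/my-key"}]}},
]}}})


def _walk(module):
    """Yield every resource in a plan module and in its nested child modules."""
    for res in module.get("resources", []):
        yield res
    for child in module.get("child_modules", []):
        yield from _walk(child)


def audit_plan(plan_json):
    """Return (address, reason) for each bucket that violates the CMEK rule."""
    findings = []
    root = json.loads(plan_json)["planned_values"]["root_module"]
    for res in _walk(root):
        if res.get("type") != "google_storage_bucket":
            continue
        values = res.get("values", {})
        blocks = values.get("encryption") or []  # nested blocks appear as lists in plan JSON
        key = blocks[0].get("default_kms_key_name") if blocks else None
        if not key:
            findings.append((res["address"], "no customer-managed key; Google-managed encryption in use"))
            continue
        match = KEY_LOCATION.match(key)
        if not match:
            findings.append((res["address"], f"malformed KMS key name: {key}"))
            continue
        bucket_loc = str(values.get("location", ""))
        if match.group(1).lower() != bucket_loc.lower():
            findings.append((res["address"], f"key location {match.group(1)} does not match bucket location {bucket_loc}"))
    return findings


if __name__ == "__main__":
    for address, reason in audit_plan(SAMPLE_PLAN):
        print(f"{address}: {reason}")
```

Run it against a real plan with `terraform show -json plan.out > plan.json` and pass the file contents to `audit_plan`.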
Links