Ensure Alibaba Cloud KMS Key Rotation is enabled

Error: Alibaba Cloud KMS Key Rotation is disabled

Bridgecrew Policy ID: BC_ALI_GENERAL_8
Checkov Check ID: CKV_ALI_27
Severity: LOW

Alibaba Cloud KMS Key Rotation is disabled

Description

A key is a named object representing a cryptographic key used for a specific purpose, including data protection. The key material, the actual bits used for encryption, can change over time as new key versions are created. A collection of files could be encrypted with the same key, and people with decrypt permissions on that key would be able to decrypt those files. Rotating the key limits how much data is protected by any single key version.

We recommend you set a key rotation period. A key can be created with a specified rotation period, which is the interval at which new key versions are generated automatically. A key can also be created with a specified next rotation time.

Fix - Runtime

Fix - Buildtime

Terraform

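resource "alicloud_kms_key" "pass" {
  description             = "Hello KMS"
  pending_window_in_days  = "7"
  status                  = "Enabled"
  # Turns on automatic rotation; this is the setting this policy requires.
  automatic_rotation      = "Enabled"
  # The provider requires an interval when rotation is enabled; 365d is an example value.
  rotation_interval       = "365d"
}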
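
The same condition can be verified against a rendered plan before apply. This is an added example, not Bridgecrew's or Checkov's own code: it assumes the `terraform show -json` plan layout, treats a missing `automatic_rotation` value as a failure, and uses constructed resource names in its sample.

```python
"""Flag alicloud_kms_key resources in a Terraform plan that lack automatic rotation."""
import json
import sys

RESOURCE_TYPE = "alicloud_kms_key"


def iter_resources(module):
    """Yield every resource in a plan module, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def keys_without_rotation(plan):
    """Return addresses of KMS keys whose automatic_rotation is not "Enabled".

    Assumption: a missing or null attribute is reported as a failure.
    """
    root = plan.get("planned_values", {}).get("root_module", {})
    failing = []
    for res in iter_resources(root):
        if res.get("type") != RESOURCE_TYPE:
            continue
        rotation = (res.get("values") or {}).get("automatic_rotation")
        if rotation != "Enabled":
            failing.append(res["address"])
    return failing


# Constructed sample, shaped like `terraform show -json` output (not real data).
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "alicloud_kms_key.pass", "type": "alicloud_kms_key",
         "values": {"automatic_rotation": "Enabled", "rotation_interval": "365d"}},
        {"address": "alicloud_kms_key.fail", "type": "alicloud_kms_key",
         "values": {"automatic_rotation": "Disabled"}},
    ],
    "child_modules": [{"address": "module.storage", "resources": [
        {"address": "module.storage.alicloud_kms_key.unset",
         "type": "alicloud_kms_key", "values": {"description": "rotation not set"}},
    ]}],
}}}

if __name__ == "__main__":
    # Pass a plan JSON file as the first argument, or run against the sample.
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    bad = keys_without_rotation(plan)
    for address in bad:
        print(f"FAIL {address}: automatic_rotation is not Enabled")
    sys.exit(1 if bad else 0)
```

The non-zero exit status on any failing key lets the script gate a CI pipeline stage.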