Ensure Alibaba Cloud KMS Key Rotation is enabled
Error: Alibaba Cloud KMS Key Rotation is disabled
Bridgecrew Policy ID: BC_ALI_GENERAL_8
Checkov Check ID: CKV_ALI_27
Severity: LOW
Alibaba Cloud KMS Key Rotation is disabled
Description
A key is a named object representing a cryptographic key used for a specific purpose, including data protection. The key material, the actual bits used for encryption, can change over time as new key versions are created. A collection of files could be encrypted with the same key and people with decrypt permissions on that key would be able to decrypt those files.
We recommend you set a key rotation period. A key can be created with a specified rotation period, which is the interval at which new key versions are generated automatically. A key can also be created with a specified next rotation time.
Fix - Runtime
Fix - Buildtime
Terraform
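resource "alicloud_kms_key" "pass" {
  description            = "Hello KMS"
  pending_window_in_days = "7"
  status                 = "Enabled"
  # The attribute this policy evaluates: it must be set to "Enabled".
  automatic_rotation     = "Enabled"
  # Rotation period (example value); the provider expects an interval when automatic rotation is enabled.
  rotation_interval      = "365d"
}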