Ensure GCP KMS keys are protected from deletion

Error: GCP KMS keys are not protected from deletion

Bridgecrew Policy ID: BC_GCP_GENERAL_34
Checkov Check ID: CKV_GCP_82
Severity: LOW


Protecting your Google Cloud Platform (GCP) KMS keys from deletion helps preserve the security and integrity of your keys. KMS keys are used to encrypt and decrypt data; deleting a key makes any data encrypted under it unrecoverable and disrupts every system that depends on it.

By protecting your KMS keys from deletion, you reduce the risk of accidental or unauthorized deletion. This keeps your keys available when they are needed and protects the data they encrypt from being lost or rendered inaccessible.

Fix - Runtime

Fix - Buildtime


resource "google_kms_crypto_key" "pass" {
  name            = "crypto-key-example"
  key_ring        = google_kms_key_ring.keyring.id
  rotation_period = "15552000s"

  # Terraform refuses to plan or apply any operation that would destroy
  # this resource while prevent_destroy is set.
  lifecycle {
    prevent_destroy = true
  }
}
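The check behind this policy is a static one: it inspects each google_kms_crypto_key resource for a lifecycle block containing prevent_destroy = true. The script below is an added illustration of that logic, not Checkov's own implementation and not code from the page; it uses a deliberately small brace-matching scanner instead of a full HCL parser, and the embedded Terraform configuration (a key ring plus one unprotected and one protected key) is constructed for the example. Note that prevent_destroy is enforced by Terraform only; it does not stop deletion of key versions through the console or gcloud, so it is a safeguard for infrastructure-as-code workflows rather than a platform-level control.

```python
import re

# Constructed sample Terraform configuration (not from the original page):
# "fail" lacks the lifecycle guard, "pass" carries it.
SAMPLE_TF = '''
resource "google_kms_key_ring" "keyring" {
  name     = "keyring-example"
  location = "global"
}

resource "google_kms_crypto_key" "fail" {
  name            = "crypto-key-unprotected"
  key_ring        = google_kms_key_ring.keyring.id
  rotation_period = "15552000s"
}

resource "google_kms_crypto_key" "pass" {
  name            = "crypto-key-protected"
  key_ring        = google_kms_key_ring.keyring.id
  rotation_period = "15552000s"

  lifecycle {
    prevent_destroy = true
  }
}
'''

# Matches the header of a Terraform resource block: resource "type" "name" {
RESOURCE_RE = re.compile(r'resource\s+"([^"]+)"\s+"([^"]+)"\s*\{')


def _extract_block(text, open_brace_idx):
    """Return the body between the brace at open_brace_idx and its matching close.

    Simplification for the example: braces inside string literals are not
    skipped, which is fine for ordinary resource definitions like the sample.
    """
    depth = 0
    for i in range(open_brace_idx, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_brace_idx + 1:i]
    raise ValueError("unbalanced braces in configuration")


def parse_resources(text):
    """Yield (type, name, body) for every top-level resource block."""
    resources = []
    for match in RESOURCE_RE.finditer(text):
        body = _extract_block(text, match.end() - 1)
        resources.append((match.group(1), match.group(2), body))
    return resources


def has_prevent_destroy(body):
    """True only if a lifecycle block inside the resource sets prevent_destroy = true."""
    lifecycle = re.search(r"\blifecycle\s*\{", body)
    if not lifecycle:
        return False
    lifecycle_body = _extract_block(body, lifecycle.end() - 1)
    return re.search(r"\bprevent_destroy\s*=\s*true\b", lifecycle_body) is not None


def check_kms_keys(text):
    """Return {resource address: 'PASSED' | 'FAILED'} for each google_kms_crypto_key."""
    results = {}
    for rtype, name, body in parse_resources(text):
        if rtype != "google_kms_crypto_key":
            continue  # the policy only applies to crypto keys
        results[f"{rtype}.{name}"] = "PASSED" if has_prevent_destroy(body) else "FAILED"
    return results


if __name__ == "__main__":
    for address, status in check_kms_keys(SAMPLE_TF).items():
        print(f"CKV_GCP_82 {status}: {address}")
```

Run the script and it reports google_kms_crypto_key.fail as FAILED and google_kms_crypto_key.pass as PASSED; a prevent_destroy = false, or a prevent_destroy argument placed outside the lifecycle block, is treated as a failure, which matches how Terraform itself would (not) honour it.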