Ensure GCP KMS keys are protected from deletion
Error: GCP KMS keys are not protected from deletion
Bridgecrew Policy ID: BC_GCP_GENERAL_34
Checkov Check ID: CKV_GCP_82
Severity: LOW
GCP KMS keys are not protected from deletion
Description
Protecting your Google Cloud Platform (GCP) KMS keys from deletion can help ensure the security and integrity of your keys. KMS keys are used to encrypt and decrypt data, and deleting them can cause data loss and disrupt the operation of your systems.
By protecting your KMS keys from deletion, you can help prevent accidental or unauthorized deletion of your keys. This can help ensure that your keys are always available when needed, and can help protect your data from potential security threats such as data breaches or unauthorized access.
Fix - Runtime
Fix - Buildtime
Terraform
resource "google_kms_crypto_key" "pass" {
name = "crypto-key-example"
key_ring = google_kms_key_ring.keyring.id
rotation_period = "15552000s"
lifecycle {
prevent_destroy = true
}
}
Updated 9 months ago