Ensure GCP Vertex AI Metadata Store uses a Customer Manager Key (CMK)
Error: GCP Vertex AI Metadata Store does not use a Customer Manager Key (CMK)
Bridgecrew Policy ID: BC_GCP_GENERAL_25
Checkov Check ID: CKV_GCP_96
Severity: LOW
GCP Vertex AI Metadata Store does not use a Customer Manager Key (CMK)
Description
This policy identifies Vertex AI Metadata Stores which are encrypted with default KMS keys and not with Keys managed by Customer. It is a best practice to use customer-managed KMS Keys to encrypt your Vertex AI Metadata Store data. It gives you full control over the encrypted data.
Fix - Runtime
TBD
Fix - Buildtime
Terraform
- Resource: google_vertex_ai_metadata_store
- Arguments: region.encryption_spec.kms_key_name
resource "google_vertex_ai_metadata_store" "pass" {
name = "test-store"
description = "Store to test the terraform module"
region = "us-central1"
encryption_spec {
kms_key_name=google_kms_crypto_key.example.name
}
}
Updated 11 months ago