Ensure Azure Data Explorer encryption at rest uses a customer-managed key

Error: Azure Data Explorer encryption at rest does not use a customer-managed key

Bridgecrew Policy ID: BC_AZR_GENERAL_33
Checkov Check ID: CKV2_AZURE_11
Severity: LOW

Description

TBA. Customer-managed Key (CMK)

Fix - Buildtime

Terraform

  • Resource: azurerm_kusto_cluster, azurerm_kusto_cluster_customer_managed_key
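  • Argument: cluster_id (of azurerm_kusto_cluster_customer_managed_key)

# azurerm_resource_group.rg, azurerm_key_vault.example and azurerm_key_vault_key.example
# are assumed to be defined elsewhere in the configuration.
resource "azurerm_kusto_cluster" "cluster_ok" {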
  name                = "kustocluster"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name

  sku {
    name     = "Standard_D13_v2"
    capacity = 2
  }

  # Managed identity the cluster uses to access the key in Key Vault.
  identity {
    type = "SystemAssigned"
  }
}

# Ties the cluster to a Key Vault key; the check looks for this cluster_id reference.
resource "azurerm_kusto_cluster_customer_managed_key" "example" {
  cluster_id   = azurerm_kusto_cluster.cluster_ok.id
  key_vault_id = azurerm_key_vault.example.id
  key_name     = azurerm_key_vault_key.example.name
  key_version  = azurerm_key_vault_key.example.version
}
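
The same cluster-to-key relationship can be checked on plan output before apply. The sketch below is an added example, not Checkov's implementation of CKV2_AZURE_11: it reads the `configuration` section of `terraform show -json` output and reports every azurerm_kusto_cluster that no azurerm_kusto_cluster_customer_managed_key references through cluster_id. The sample plan and the cluster_bad resource are constructed, and only root-module resources are considered.

```python
import json

# Constructed sample: trimmed "configuration" section of `terraform show -json` output.
SAMPLE_PLAN = json.loads("""
{
  "configuration": {
    "root_module": {
      "resources": [
        {"address": "azurerm_kusto_cluster.cluster_ok", "type": "azurerm_kusto_cluster",
         "name": "cluster_ok", "expressions": {}},
        {"address": "azurerm_kusto_cluster.cluster_bad", "type": "azurerm_kusto_cluster",
         "name": "cluster_bad", "expressions": {}},
        {"address": "azurerm_kusto_cluster_customer_managed_key.example",
         "type": "azurerm_kusto_cluster_customer_managed_key", "name": "example",
         "expressions": {"cluster_id": {"references": [
             "azurerm_kusto_cluster.cluster_ok.id", "azurerm_kusto_cluster.cluster_ok"]}}}
      ]
    }
  }
}
""")

CLUSTER = "azurerm_kusto_cluster"
CMK = "azurerm_kusto_cluster_customer_managed_key"


def clusters_without_cmk(plan):
    """Return sorted addresses of Kusto clusters that no CMK resource points at."""
    resources = plan.get("configuration", {}).get("root_module", {}).get("resources", [])
    clusters = {r["address"] for r in resources if r.get("type") == CLUSTER}
    covered = set()
    for r in resources:
        if r.get("type") != CMK:
            continue
        # A hard-coded cluster_id appears as "constant_value" with no references,
        # so it is not counted as covering any cluster declared in this plan.
        refs = r.get("expressions", {}).get("cluster_id", {}).get("references", [])
        # Terraform lists both "type.name.id" and "type.name"; match the exact address.
        covered.update(ref for ref in refs if ref in clusters)
    return sorted(clusters - covered)


if __name__ == "__main__":
    for address in clusters_without_cmk(SAMPLE_PLAN):
        print(f"FAILED CKV2_AZURE_11: {address}")
```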
