Ensure MySQL server enables infrastructure encryption

Error: MySQL server disables infrastructure encryption

Bridgecrew Policy ID: BC_AZR_GENERAL_30
Checkov Check ID: CKV_AZURE_96
Severity: LOW

MySQL server disables infrastructure encryption

Description

Enable infrastructure encryption for Azure Database for MySQL servers to have higher level of assurance that the data is secure. When infrastructure encryption is enabled, the data at rest is encrypted twice using FIPS 140-2 compliant Microsoft managed keys.

Fix - Buildtime

Terraform

  • Resource: azurerm_mysql_server
  • Argument: infrastructure_encryption_enabled
resource "azurerm_mysql_server" "example" {
  ...
+ infrastructure_encryption_enabled = true
}