Ensure Secret Manager secret is encrypted using KMS
Error: Unencrypted Secret Manager secret
Bridgecrew Policy ID: BC_AWS_GENERAL_58
Checkov Check ID: CKV_AWS_152
Severity: LOW
Description
The Secret Manager service allows you to securely store and manage secrets, such as API keys and passwords, in a central location. By default, secrets stored in Secret Manager are encrypted at rest using Google's Key Management Service (KMS).
Encrypting your CodeBuild projects helps to protect the data stored in them from unauthorized access. This is especially important if your projects contain sensitive information such as passwords or proprietary data.
Fix - Buildtime
Terraform
- Resource: aws_secretsmanager_secret
- Argument: kms_key_id
resource "aws_secretsmanager_secret" "example" {
name = "example"
+ kms_key_id = "arn:kuku:kisi"
}
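An added example, not Bridgecrew's or Checkov's own code: the same check applied to the JSON form of a Terraform plan (`terraform show -json <planfile>`). It handles the case where kms_key_id refers to a key created in the same plan, which is unknown until apply and is reported under after_unknown. The plan data and resource addresses below are constructed for illustration; the key value is the placeholder used above.

```python
import json
import sys

RESOURCE_TYPE = "aws_secretsmanager_secret"

# Constructed sample shaped like the "resource_changes" part of a plan JSON.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "aws_secretsmanager_secret.plain", "type": RESOURCE_TYPE,
     "change": {"actions": ["create"], "after_unknown": {},
                "after": {"name": "plain", "kms_key_id": None}}},
    {"address": "aws_secretsmanager_secret.example", "type": RESOURCE_TYPE,
     "change": {"actions": ["create"], "after_unknown": {},
                "after": {"name": "example", "kms_key_id": "arn:kuku:kisi"}}},
    {"address": "aws_secretsmanager_secret.new_key", "type": RESOURCE_TYPE,
     "change": {"actions": ["create"], "after_unknown": {"kms_key_id": True},
                "after": {"name": "new_key"}}},
    {"address": "module.app.aws_secretsmanager_secret.empty", "type": RESOURCE_TYPE,
     "change": {"actions": ["update"], "after_unknown": {},
                "after": {"name": "empty", "kms_key_id": ""}}},
    {"address": "aws_secretsmanager_secret.old", "type": RESOURCE_TYPE,
     "change": {"actions": ["delete"], "after_unknown": {}, "after": None}},
    {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
     "change": {"actions": ["create"], "after_unknown": {},
                "after": {"bucket": "logs"}}},
]}


def secrets_without_kms_key(plan):
    """Return addresses of planned secrets that do not set kms_key_id."""
    failing = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != RESOURCE_TYPE:
            continue
        change = rc.get("change") or {}
        after = change.get("after")
        if after is None:  # resource is being destroyed, nothing to check
            continue
        # Value computed at apply time (e.g. a key created in this plan):
        # the argument is set, its value is just not known yet.
        if (change.get("after_unknown") or {}).get("kms_key_id") is True:
            continue
        if not after.get("kms_key_id"):  # missing, null or empty string
            failing.append(rc["address"])
    return failing


if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    for address in secrets_without_kms_key(plan):
        print(f"FAILED {address}: kms_key_id is not set")
```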