Ensure that Secrets Manager secret is encrypted using KMS CMK
Error: Secrets Manager secret is not encrypted using KMS CMK
Bridgecrew Policy ID: BC_AWS_GENERAL_79
Checkov Check ID: CKV_AWS_149
Severity: MEDIUM
Secrets Manager secret is not encrypted using KMS Customer Managed Key (CMK)
Description
By default, secrets manager secrets are encrypted using the AWS-managed key aws/secretsmanager
. It is best practice to explicitly provide a customer managed key to use instead.
Fix - Buildtime
Terraform
- Resource: aws_secretsmanager_secret
- Argument: kms_key_id
resource "aws_secretsmanager_secret" "enabled" {
...
+ kms_key_id = var.kms_key_id
}
Updated 6 months ago