Secrets Manager secret is not encrypted using KMS Customer Managed Key (CMK)

Description

By default, secrets manager secrets are encrypted using the AWS-managed key aws/secretsmanager. It is best practice to explicitly provide a customer managed key to use instead.

Fix - Buildtime

Terraform

• Resource: aws_secretsmanager_secret
• Argument: kms_key_id

resource "aws_secretsmanager_secret" "enabled" {
   ...
 + kms_key_id = var.kms_key_id
}