Data protection

Dataproc cluster is not encrypted with customer-managed encryption key (CMEK)


When you use Dataproc, cluster and job data is stored on Persistent Disks (PDs) associated with the Compute Engine VMs in your cluster and in a Cloud Storage staging bucket. By default, this PD and bucket data is encrypted using a Google-generated data encryption key (DEK) and key encryption key (KEK). You can have more control over the encryption key by using a customer-managed encryption key (CMEK), which allows you to create, use, and revoke the key-encryption key (KEK). It was detected that the Dataproc Cluster {GcpDataprocCluster} is not using customer-managed encryption keys (CMEK).