Data protection

GCP Secret Manager secret encrypted without Customer-Managed Encryption Keys

Platform(s)
Compliance Frameworks
  • Brazilian General Data Protection (LGPD)
  • ,
  • CCM-CSA
  • ,
  • CCPA
  • ,
  • cis_8
  • ,
  • coppa
  • ,
  • CPRA
  • ,
  • iso_27001_2022
  • ,
  • iso_27002_2022
  • ,
  • Mitre ATT&CK
  • ,
  • mpa
  • ,
  • New Zealand Information Security Manual
  • ,
  • NIST 800-171
  • ,
  • NIST 800-53
  • ,
  • PDPA
  • ,
  • pipeda

Description

GCP Secret Manager can store, manage and access secrets, with the appropriate permissions you can view its content. We detected that the secret '{GcpSecretManagerSecret}' is not using CMEKs (Customer-Managed Encryption Keys). CMEKs allow you to have full control over the data encryption and decryption process.