GCP Secret Manager secret encrypted without Customer-Managed Encryption Keys

Data protection

GCP Secret Manager secret encrypted without Customer-Managed Encryption Keys

Risk Level

Informational (4)

Platform(s)

Compliance Frameworks

Brazilian General Data Protection (LGPD)
CCM-CSA
CCPA
cis_8
coppa
CPRA
ISO/IEC 27001
Mitre ATT&CK
mpa
New Zealand Information Security Manual
NIST 800-171
NIST 800-53
PDPA

Description

GCP Secret Manager can store, manage and access secrets, with the appropriate permissions you can view its content. We detected that the secret '{GcpSecretManagerSecret}' is not using CMEKs (Customer-Managed Encryption Keys). CMEKs allow you to have full control over the data encryption and decryption process.

Recommended Mitigation

It is recommended to configure secrets to be encrypted with Customer-Managed Encryption Keys (CMEKs). For more information see: <a href="https://cloud.google.com/secret-manager/docs/cmek" target="_blank" rel="noopener noreferrer">https://cloud.google.com/secret-manager/docs/cmek</a>

GCP Secret Manager secret encrypted without Customer-Managed Encryption Keys

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS