GCP Secret Manager secret encrypted without Customer-Managed Encryption Keys

Data protection

GCP Secret Manager secret encrypted without Customer-Managed Encryption Keys

Risk Level

Informational (4)

Platform(s)

Compliance Frameworks

CCM-CSA
cis_8
NIST 800-53

Description

GCP Secret Manager can store, manage and access secrets, with the appropriate permissions you can view its content. We detected that the secret '{GcpSecretManagerSecret}' is not using CMEKs (Customer-Managed Encryption Keys). CMEKs allow you to have full control over the data encryption and decryption process.

Recommended Mitigation

It is recommended to configure secrets to be encrypted with Customer-Managed Encryption Keys (CMEKs). For more information see: https://cloud.google.com/secret-manager/docs/cmek

GCP Secret Manager secret encrypted without Customer-Managed Encryption Keys

Description

Need help?