Data protection

GCP Secret Manager secret encrypted without Customer-Managed Encryption Keys

Description

GCP Secret Manager can store, manage and access secrets, with the appropriate permissions you can view its content. We detected that the secret '{GcpSecretManagerSecret}' is not using CMEKs (Customer-Managed Encryption Keys). CMEKs allow you to have full control over the data encryption and decryption process.
  • Recommended Mitigation

    It is recommended to configure secrets to be encrypted with Customer-Managed Encryption Keys (CMEKs). For more information see: <a href="https://cloud.google.com/secret-manager/docs/cmek" target="_blank" rel="noopener noreferrer">https://cloud.google.com/secret-manager/docs/cmek</a>