Data protection

GCP Secret Manager secret encrypted without Customer-Managed Encryption Keys

Platform(s)
Compliance Frameworks

Brazilian General Data Protection (LGPD), CCM-CSA, CCPA, cis_8, coppa, CPRA, iso_27001_2022, iso_27002_2022, Mitre ATT&CK, mpa, New Zealand Information Security Manual, NIST 800-171, NIST 800-53, PDPA, pipeda

Description

GCP Secret Manager can store, manage and access secrets, with the appropriate permissions you can view its content. We detected that the secret '{GcpSecretManagerSecret}' is not using CMEKs (Customer-Managed Encryption Keys). CMEKs allow you to have full control over the data encryption and decryption process.