Severity Framework
Snyk CCSS
Rule category
Keys and Secrets / Lifecycle
Is your enviroment affected by this misconfiguration?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsFrameworks
CIS-Google
- Snyk ID SNYK-CC-00350
- credit Snyk Research Team
Description
Cloud KMS (Key Management Service) keys should be rotated frequently because rotation helps reduce the potential impact of a compromised key as users cannot use the old key to access the data.
How to fix?
Set rotation_period attribute to a number lower than 7776000s (90 days).
Example Configuration
resource "google_kms_crypto_key" "valid_rotation" {
name = "valid-rotating-key"
key_ring = google_kms_key_ring.test.id
rotation_period = "86400s"
}