Virtual machine data disk (non-boot volume) is not encrypted Affecting Compute service in Azure

Snyk CCSS

Data / Encryption at Rest

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

CIS-Azure CIS-Controls CSA-CCM GDPR HIPAA ISO-27001 NIST-800-53 SOC-2

Snyk ID SNYK-CC-00507
credit Snyk Research Team

Report a new misconfiguration Found a mistake?

Description

Encrypting the virtual machine's data disks ensures that its entire content is fully unrecoverable without a key and thus protects the volume from unwarranted reads.

How to fix?

Set properties.encryptionSettings.enabled attribute to true.

Terraform

Resource: azurerm_managed_disk

References

Azure Storage Service Encryption support for Managed Disks
Server-side encryption of Azure Disk Storage

Virtual machine data disk (non-boot volume) is not encrypted Affecting Compute service in Azure

Severity

Description

How to fix?

Terraform

References