Severity Framework: Snyk CCSS
Rule category: Data / Encryption at Rest
- Snyk ID SNYK-CC-00794
- credit Snyk Research Team
Description
When infrastructure encryption is disabled for an Azure storage account, data is stored without this enhanced security measure, which increases the risk of unauthorized access and potential data breaches. Enabling the feature ensures that data at rest is encrypted twice (double encryption), adding a layer of security beyond the default service encryption.
How to fix?
Set the infrastructure_encryption_enabled attribute to true for the azurerm_storage_account resource.
Example Configuration
resource "azurerm_storage_account" "allow1" {
  name                     = "storageaccount794a1"
  # azurerm_resource_group.snyk is declared elsewhere in the configuration
  resource_group_name      = azurerm_resource_group.snyk.name
  account_kind             = "StorageV2"
  location                 = azurerm_resource_group.snyk.location
  account_tier             = "Standard"
  account_replication_type = "GRS"

  # Encrypt data at rest a second time at the infrastructure layer
  infrastructure_encryption_enabled = true
}
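One way to enforce this fix before deployment is to check the JSON form of a Terraform plan (`terraform show -json`) for storage accounts where the attribute is false or unset. This is an added example, not Snyk's rule implementation; the sample plan, the `deny1` and `deny2` resources and the `module.logs` module are constructed for illustration.

```python
import json

RESOURCE_TYPE = "azurerm_storage_account"
ATTRIBUTE = "infrastructure_encryption_enabled"

# Constructed sample: trimmed `terraform show -json plan.out` output.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "azurerm_storage_account.allow1", "type": RESOURCE_TYPE,
         "values": {"name": "storageaccount794a1", ATTRIBUTE: True}},
        {"address": "azurerm_storage_account.deny1", "type": RESOURCE_TYPE,
         "values": {"name": "storageaccount794d1", ATTRIBUTE: False}},
        {"address": "azurerm_resource_group.snyk",
         "type": "azurerm_resource_group", "values": {"name": "snyk"}},
    ],
    "child_modules": [{"address": "module.logs", "resources": [
        # Attribute omitted entirely: must be reported as well.
        {"address": "module.logs.azurerm_storage_account.deny2",
         "type": RESOURCE_TYPE, "values": {"name": "storageaccount794d2"}},
    ]}],
}}}


def iter_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def find_unencrypted_accounts(plan):
    """Return sorted addresses of storage accounts without the setting."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in iter_resources(root):
        if res.get("type") != RESOURCE_TYPE:
            continue
        # Only an explicit true passes; false, null and absent all fail.
        if (res.get("values") or {}).get(ATTRIBUTE) is not True:
            findings.append(res["address"])
    return sorted(findings)


if __name__ == "__main__":
    # To check a real plan, replace SAMPLE_PLAN with json.load() of its file.
    for address in find_unencrypted_accounts(SAMPLE_PLAN):
        print(f"FAIL {address}: {ATTRIBUTE} is not true")
```

In the azurerm provider this attribute defaults to false, and changing it on an existing account forces the account to be recreated, so the check is most useful in the pipeline before the first apply.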