App Configuration Encryption Block Not Set
Description
Encryption is a key aspect of ensuring data confidentiality and integrity. Azure App Configuration supports encryption of the configuration data at rest, which helps safeguard sensitive application data against unauthorized access.
This policy ensures that an encryption block is defined with a Key Vault key identifier in Azure App Configuration resources. This promotes the practice of encrypting sensitive application configuration data.
Code Example
```terraform
resource "azurerm_app_configuration" "example" {
  name                = "example-app-configuration"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  # ... other configurations ...
+ encryption {
+ key_vault_key_identifier = "key-vault-key-id" // Ensure encryption block with key vault key identifier is set
+ }
}
```
Remediation
Terraform
Resource:
- azurerm_app_configuration
Arguments:
- encryption.key_vault_key_identifier
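The same condition can be checked against a rendered plan (`terraform show -json`) before apply. The script below is an added example, not Checkov's implementation of this rule; the function names and the sample plan are constructed for illustration. It treats a key identifier that is only known after apply (a key created in the same plan) as set, and it skips pure deletions.

```python
import json

RESOURCE_TYPE = "azurerm_app_configuration"

def _block(value):
    """Nested blocks appear in plan JSON as a list of objects; return the first."""
    if isinstance(value, list) and value and isinstance(value[0], dict):
        return value[0]
    return {}

def missing_cmk(plan):
    """Addresses of App Configuration stores with no encryption.key_vault_key_identifier."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change") or {}
        if rc.get("type") != RESOURCE_TYPE or change.get("actions") == ["delete"]:
            continue
        known = _block((change.get("after") or {}).get("encryption"))
        unknown = _block((change.get("after_unknown") or {}).get("encryption"))
        # A key created in the same plan has no value yet: it is absent from
        # "after" and marked true in "after_unknown". Count that as set.
        if known.get("key_vault_key_identifier"):
            continue
        if unknown.get("key_vault_key_identifier") is True:
            continue
        findings.append(rc["address"])
    return findings

# Constructed sample plan, trimmed to the fields the check reads.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "azurerm_app_configuration.plain", "type": "azurerm_app_configuration",
   "change": {"actions": ["create"], "after": {"encryption": []},
              "after_unknown": {"encryption": []}}},
  {"address": "azurerm_app_configuration.empty_block", "type": "azurerm_app_configuration",
   "change": {"actions": ["update"], "after": {"encryption": [{"key_vault_key_identifier": null}]},
              "after_unknown": {"encryption": [{}]}}},
  {"address": "azurerm_app_configuration.new_key", "type": "azurerm_app_configuration",
   "change": {"actions": ["create"], "after": {"encryption": [{}]},
              "after_unknown": {"encryption": [{"key_vault_key_identifier": true}]}}},
  {"address": "azurerm_app_configuration.existing_key", "type": "azurerm_app_configuration",
   "change": {"actions": ["create"], "after": {"encryption": [
       {"key_vault_key_identifier": "https://example-vault.vault.azure.net/keys/example/0000"}]},
              "after_unknown": {"encryption": [{}]}}},
  {"address": "azurerm_app_configuration.retired", "type": "azurerm_app_configuration",
   "change": {"actions": ["delete"], "after": null, "after_unknown": {}}}
]}
""")

if __name__ == "__main__":
    for address in missing_cmk(SAMPLE_PLAN):
        print(f"encryption.key_vault_key_identifier not set: {address}")
```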
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0693 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | Terraform, |
| Checkov ID | CKV_AZURE_186 |