Azure Synapse Workspace not encrypted with a Customer Managed Key (CMK)
Description
This policy detects whether an Azure Synapse Workspace is encrypted with a CMK. Ensuring encryption with a CMK is crucial because it grants organizations greater control over the encryption keys used to protect their data. Using a CMK enhances security by allowing key rotation, revocation, and the ability to use an organization's own key management policies. This strengthens data protection within the Synapse Workspace. Unencrypted Synapse Workspaces pose a significant security risk. Sensitive data stored and processed within them is potentially exposed to unauthorized access and data breaches.
Code Example
```
resource "azurerm_synapse_workspace" "example" {
...
+ customer_managed_key {
+ key_name = "exKey"
+ ...
+ }
}
```
Remediation
Terraform
- Resource: azurerm_synapse_workspace
- Arguments: customer_managed_key/key_name
Enable CMK encryption for your Azure Synapse Workspace by adding a `customer_managed_key` block, including its `key_name` argument, to your `azurerm_synapse_workspace` resource.
In this example, CMK encryption is configured for your Azure Synapse Workspace within a Terraform template.
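The same condition can be checked against `terraform show -json` plan output before apply. This is an added example, not Checkov's or the policy vendor's implementation; the sample plan and all function names are constructed for illustration.

```python
import json

# Constructed sample shaped like `terraform show -json` output (planned_values only).
SAMPLE_PLAN = json.loads("""
{
  "planned_values": {"root_module": {
    "resources": [
      {"address": "azurerm_synapse_workspace.with_cmk", "type": "azurerm_synapse_workspace",
       "values": {"customer_managed_key": [{"key_name": "exKey"}]}},
      {"address": "azurerm_synapse_workspace.no_cmk", "type": "azurerm_synapse_workspace",
       "values": {"customer_managed_key": []}}
    ],
    "child_modules": [{"address": "module.analytics", "resources": [
      {"address": "module.analytics.azurerm_synapse_workspace.blank_key",
       "type": "azurerm_synapse_workspace",
       "values": {"customer_managed_key": [{"key_name": ""}]}}
    ]}]
  }}
}
""")


def iter_resources(module):
    """Yield every resource in a module and, recursively, in its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def has_cmk(values):
    """True when a customer_managed_key block with a non-empty key_name is present."""
    # Nested blocks appear as lists of objects in plan JSON; absent blocks are [] or missing.
    blocks = values.get("customer_managed_key") or []
    return any(isinstance(b, dict) and b.get("key_name") for b in blocks)


def workspaces_without_cmk(plan):
    """Return sorted addresses of azurerm_synapse_workspace resources lacking a CMK."""
    root = plan.get("planned_values", {}).get("root_module", {})
    return sorted(
        r["address"]
        for r in iter_resources(root)
        if r.get("type") == "azurerm_synapse_workspace" and not has_cmk(r.get("values") or {})
    )


if __name__ == "__main__":
    for address in workspaces_without_cmk(SAMPLE_PLAN):
        print(f"FAIL {address}: no customer_managed_key/key_name")
```

Workspaces declared inside child modules are included, which a check limited to the root module's resource list would miss.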
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0747 |
| Severity | LOW |
| IaC Type | arm |
| Frameworks | Terraform |
| Checkov ID | CKV_AZURE_240 |