GCP KMS keys are not protected from deletion
Description
KMS keys are used to encrypt and decrypt data, so deleting a key can cause data loss and disrupt the systems that depend on it. Protecting your Google Cloud Platform (GCP) KMS keys from deletion helps prevent accidental or unauthorized deletion, keeps the keys available when they are needed, and helps protect your data from potential security threats such as data breaches or unauthorized access.
Code Example
```hcl
resource "google_kms_crypto_key" "pass" {
  name            = "crypto-key-example"
  key_ring        = google_kms_key_ring.keyring.id
  rotation_period = "15552000s"
  lifecycle {
    prevent_destroy = true
  }
}
```
Remediation
Terraform
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0940 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform |
| Checkov ID | CKV_GCP_82 |
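
An added example, not Checkov's implementation or code from this page: a minimal Python scan that flags `google_kms_crypto_key` resources whose `lifecycle` block does not set `prevent_destroy = true`. The sample Terraform and the function names are constructed for illustration, and the brace matching assumes no braces inside strings or comments.

```python
import re

# Constructed sample input: one protected key and two unprotected ones.
SAMPLE_TF = '''
resource "google_kms_crypto_key" "pass" {
  name     = "crypto-key-example"
  key_ring = google_kms_key_ring.keyring.id
  lifecycle {
    prevent_destroy = true
  }
}
resource "google_kms_crypto_key" "no_lifecycle" {
  name     = "crypto-key-unprotected"
  key_ring = google_kms_key_ring.keyring.id
}
resource "google_kms_crypto_key" "explicit_false" {
  name     = "crypto-key-false"
  key_ring = google_kms_key_ring.keyring.id
  lifecycle {
    prevent_destroy = false
  }
}
'''

HEADER = re.compile(r'resource\s+"google_kms_crypto_key"\s+"([^"]+)"\s*\{')
LIFECYCLE = re.compile(r'\blifecycle\s*\{')
PROTECTED = re.compile(r'\bprevent_destroy\s*=\s*true\b')

def block_body(text, open_idx):
    """Return the text between the brace at open_idx and its matching close."""
    # Assumption: braces inside strings or comments are not handled.
    depth = 0
    for i in range(open_idx, len(text)):
        depth += (text[i] == "{") - (text[i] == "}")
        if depth == 0:
            return text[open_idx + 1:i]
    raise ValueError("unbalanced braces")

def unprotected_kms_keys(tf_source):
    """Names of google_kms_crypto_key resources lacking prevent_destroy = true."""
    findings = []
    for m in HEADER.finditer(tf_source):
        body = block_body(tf_source, m.end() - 1)
        lc = LIFECYCLE.search(body)
        # Only a setting inside the lifecycle block counts as protection.
        lc_body = block_body(body, lc.end() - 1) if lc else ""
        if not PROTECTED.search(lc_body):
            findings.append(m.group(1))
    return findings
```

`prevent_destroy` only makes Terraform reject plans that would destroy the resource; it does not restrict key version destruction through the console or API, which is governed by IAM.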