OCI File Storage File Systems are not encrypted with a Customer Managed Key (CMK)
Description
This policy identifies the OCI File Storage File Systems that are not encrypted with a Customer Managed Key (CMK). It is recommended that File Storage File Systems should be encrypted with a Customer Managed Key (CMK), using Customer Managed Key (CMK), provides an additional level of security on your data by allowing you to manage your own encryption key lifecycle management for the File System
Code Example
resource "oci_file_storage_file_system" "pass" {
...
kms_key_id = oci_kms_key.test_key.id
...
}Remediation
- OCI Console*
. Login to the OCI Console
. Type the resource reported in the alert into the Search box at the top of the Console.
. Click the resource reported in the alert from the Resources submenu
. Click Assign next to Encryption Key: Oracle managed key.
. Select a Vault from the appropriate compartment
. Select a Master Encryption Key
. Click Assign === Fix - Buildtime
Terraform
- Resource: oci_file_storage_file_system
- Arguments: kms_key_id
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1242 |
| Severity | INFO |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_OCI_15 |