High KMS Key Rotation Period
- Query id: cb319d87-b90f-485e-a7e7-f2408380f309
- Query name: High KMS Key Rotation Period
- Platform: Terraform
- Severity: Medium
- Category: Secret Management
- URL: Github
Description¶
KMS Key should have automatic rotation enabled and the rotation period should not be higher than a year
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "alicloud_kms_key" "keypos1" {
description = "Hello KMS"
pending_window_in_days = "7"
status = "Enabled"
automatic_rotation = "Disabled"
}
Positive test num. 2 - tf file
resource "alicloud_kms_key" "keypos1" {
description = "Hello KMS"
pending_window_in_days = "7"
status = "Enabled"
automatic_rotation = "Enabled"
rotation_interval = "366d"
}
Positive test num. 3 - tf file
resource "alicloud_kms_key" "keypos1" {
description = "Hello KMS"
pending_window_in_days = "7"
status = "Enabled"
automatic_rotation = "Enabled"
rotation_interval = "31536010s"
}