Secretsmanager Secret Without KMS
- Query id: a2f548f2-188c-4fff-b172-e9a6acb216bd
- Query name: Secretsmanager Secret Without KMS
- Platform: Terraform
- Severity: Medium
- Category: Encryption
- URL: Github
Description
AWS Secretmanager should use AWS KMS customer master key (CMK) to encrypt the secret values in the versions stored in the secret
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf fileresource "aws_secretsmanager_secret" "example" {
name = "example"
}
Code samples without security vulnerabilities
Negative test num. 1 - tf fileresource "aws_secretsmanager_secret" "example" {
name = "example"
kms_key_id = "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
}