High Google KMS Crypto Key Rotation Period
- Query id: d8c57c4e-bf6f-4e32-a2bf-8643532de77b
- Query name: High Google KMS Crypto Key Rotation Period
- Platform: Terraform
- Severity: Medium
- Category: Secret Management
- URL: Github
Description¶
KMS encryption keys should be rotated every 90 days or less. A short lifetime of encryption keys reduces the potential blast radius in case of compromise.
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "google_kms_crypto_key" "positive1" {
name = "crypto-key-example"
key_ring = google_kms_key_ring.keyring.id
rotation_period = "77760009s"
lifecycle {
prevent_destroy = true
}
}
resource "google_kms_crypto_key" "positive2" {
name = "crypto-key-example"
key_ring = google_kms_key_ring.keyring.id
lifecycle {
prevent_destroy = true
}
}