Beta - Disk Encryption On Managed Disk Disabled
- Query id: 68403c84-8497-449b-9946-ae848765813f
- Query name: Beta - Disk Encryption On Managed Disk Disabled
- Platform: Terraform
- Severity: Medium
- Category: Encryption
- CWE: 922
- Risk score: 3.0
- URL: Github
Description¶
Azure managed disks are always encrypted at rest with platform-managed keys, so the point of this query is key ownership, not whether encryption happens at all. It flags an `azurerm_managed_disk` that sets neither `disk_encryption_set_id` nor `secure_vm_disk_encryption_set_id`, i.e. a disk that does not reference a Disk Encryption Set and is therefore not protected with a customer-managed key (CMK) held in Azure Key Vault. Referencing a Disk Encryption Set gives you control over the key (rotation, revocation, HSM backing, access auditing through Key Vault logs) and satisfies compliance regimes that require customer-managed keys for sensitive data at rest.
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "azurerm_managed_disk" "positive1" {
  name                 = "secure-vm-disk"
  location             = azurerm_resource_group.positive1.location
  resource_group_name  = azurerm_resource_group.positive1.name
  storage_account_type = "Premium_LRS"
  create_option        = "Empty"
  disk_size_gb         = 128
  # missing "secure_vm_disk_encryption_set_id" and "disk_encryption_set_id":
  # the disk falls back to platform-managed keys and the query fires
}
Code samples without security vulnerabilities¶
Negative test num. 1 - tf file
resource "azurerm_managed_disk" "negative1" {
  name                 = "standard-disk"
  location             = azurerm_resource_group.negative1.location
  resource_group_name  = azurerm_resource_group.negative1.name
  storage_account_type = "Premium_LRS"
  create_option        = "Empty"
  disk_size_gb         = 128
  # customer-managed key via a Disk Encryption Set (regular VM disk)
  disk_encryption_set_id = azurerm_disk_encryption_set.negative1.id
}
resource "azurerm_managed_disk" "negative2" {
  name                 = "secure-vm-disk"
  location             = azurerm_resource_group.negative2.location
  resource_group_name  = azurerm_resource_group.negative2.name
  storage_account_type = "Premium_LRS"
  create_option        = "Empty"
  disk_size_gb         = 128
  # Confidential VM variant: the provider only accepts
  # secure_vm_disk_encryption_set_id together with this security_type,
  # and the referenced set must use
  # encryption_type = "ConfidentialVmEncryptedWithCustomerKey"
  security_type                    = "ConfidentialVM_DiskEncryptedWithCustomerKey"
  secure_vm_disk_encryption_set_id = azurerm_disk_encryption_set.secure_vm.id
}
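The negative samples reference `azurerm_disk_encryption_set.negative1` without defining it, and in practice most failures of this pattern come from the surrounding plumbing rather than from the disk itself. The following is an added, complete example (not part of the KICS test files or the azurerm provider docs) of what sits behind that reference: a Key Vault with purge protection, which Azure requires for any key used by a Disk Encryption Set, an RSA key, the Disk Encryption Set with a system-assigned identity, the access policy and role assignment that let that identity wrap and unwrap the key, and a managed disk that references the set. Resource names, the location and the access-policy permission lists are assumptions.

```hcl
# Added example: full customer-managed-key (CMK) setup for a managed disk.
# Not part of the KICS test files; names and location are assumptions.

data "azurerm_client_config" "current" {}

resource "azurerm_resource_group" "cmk" {
  name     = "cmk-disk-rg"
  location = "westeurope"
}

resource "azurerm_key_vault" "cmk" {
  name                = "cmkdiskkv0001" # must be globally unique
  location            = azurerm_resource_group.cmk.location
  resource_group_name = azurerm_resource_group.cmk.name
  tenant_id           = data.azurerm_client_config.current.tenant_id
  sku_name            = "premium"
  # A Disk Encryption Set is rejected unless the vault has purge protection
  # (which implies soft delete) enabled.
  purge_protection_enabled   = true
  soft_delete_retention_days = 7
}

# Lets the identity running terraform create and manage the key.
resource "azurerm_key_vault_access_policy" "deployer" {
  key_vault_id = azurerm_key_vault.cmk.id
  tenant_id    = data.azurerm_client_config.current.tenant_id
  object_id    = data.azurerm_client_config.current.object_id

  key_permissions = [
    "Create", "Delete", "Get", "List", "Purge", "Recover", "Update",
    "GetRotationPolicy", "SetRotationPolicy",
  ]
}

resource "azurerm_key_vault_key" "disk" {
  name         = "managed-disk-cmk"
  key_vault_id = azurerm_key_vault.cmk.id
  key_type     = "RSA"
  key_size     = 2048
  key_opts     = ["decrypt", "encrypt", "sign", "unwrapKey", "verify", "wrapKey"]

  depends_on = [azurerm_key_vault_access_policy.deployer]
}

resource "azurerm_disk_encryption_set" "cmk" {
  name                = "managed-disk-des"
  location            = azurerm_resource_group.cmk.location
  resource_group_name = azurerm_resource_group.cmk.name
  key_vault_key_id    = azurerm_key_vault_key.disk.id
  encryption_type     = "EncryptionAtRestWithCustomerKey"

  identity {
    type = "SystemAssigned"
  }
}

# The set's managed identity must be able to read, wrap and unwrap the key.
resource "azurerm_key_vault_access_policy" "disk_encryption_set" {
  key_vault_id = azurerm_key_vault.cmk.id
  tenant_id    = azurerm_disk_encryption_set.cmk.identity[0].tenant_id
  object_id    = azurerm_disk_encryption_set.cmk.identity[0].principal_id

  key_permissions = ["Get", "WrapKey", "UnwrapKey"]
}

resource "azurerm_role_assignment" "disk_encryption_set" {
  scope                = azurerm_key_vault.cmk.id
  role_definition_name = "Key Vault Crypto Service Encryption User"
  principal_id         = azurerm_disk_encryption_set.cmk.identity[0].principal_id
}

resource "azurerm_managed_disk" "cmk" {
  name                 = "cmk-data-disk"
  location             = azurerm_resource_group.cmk.location
  resource_group_name  = azurerm_resource_group.cmk.name
  storage_account_type = "Premium_LRS"
  create_option        = "Empty"
  disk_size_gb         = 128

  # The attribute this query looks for.
  disk_encryption_set_id = azurerm_disk_encryption_set.cmk.id

  # Do not create the disk until the set can actually reach the key.
  depends_on = [
    azurerm_key_vault_access_policy.disk_encryption_set,
    azurerm_role_assignment.disk_encryption_set,
  ]
}
```

Two checks are worth running. Before apply, `kics scan -p .` over the directory should no longer report this query for the disk. After apply, `az disk show -g cmk-disk-rg -n cmk-data-disk --query encryption` should report `type` as `EncryptionAtRestWithCustomerKey` together with the Disk Encryption Set id; a disk that still shows `EncryptionAtRestWithPlatformKey` is the state the positive sample describes. Creating the role assignment requires the deploying identity to hold Owner or User Access Administrator on the vault scope, which is the usual reason an otherwise correct apply fails.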