GCP Key Management
Overview
Critical
1High
0Medium
0Low
1Informational
0Security issues (2)
Severity | Non-Compliance | Region | Resource | Issue | Remediation | Read more | Action |
---|---|---|---|---|---|---|---|
Critical | CIS 1.10 PCI DSS 3.7.4 HIPAA (Encryption) | global | my-keyring3-name | KMS cryptographic key has no rotation period set. | To fulfill HIPAA and PCI DSS key rotation requirements, ensure all cryptographic keys are set to rotate periodically. | More info | |
Low | — | global | my-key-2 | KMS cryptographic key has inadequate protection level: Protection level unspecified. | Ensure the protection level for cryptographic keys is set to Software (Customer-managed encryption key, or CMEK), Hardware Security Module (HSM), or External key manager. | More info |
Key rings (3)
Name | Location | Keys | Created | Security issues |
---|---|---|---|---|
my-key-ring | global | my-key | — | |
my-keyring3 | us | my-key5, my-keyring3-name | — | |
my-key-ring2 | southamerica-west1 | my-key-2 | — |
Key inventory (4)
Name | Key ring | Location | Created | Next rotation | Status | Protection level | Security issues |
---|---|---|---|---|---|---|---|
my-key | my-key-ring | global | Enabled | Software | — | ||
my-key5 | my-keyring3 | us | Enabled | Software | — | ||
my-keyring3-name | my-keyring3 | us | Enabled | Software | 1 Critical (details) | ||
my-key-2 | my-key-ring2 | southamerica-west1 | Enabled | Protection level unspecified | 1 Low (details) |
API keys (0)
Name | Created | Restrictions | Security issues |
---|