kms

package
v0.11.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 28, 2024 License: MIT Imports: 5 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var CheckRotateKmsKeys = rules.Register(
	scan.Rule{
		AVDID:       "AVD-GCP-0065",
		Provider:    providers.GoogleProvider,
		Service:     "kms",
		ShortCode:   "rotate-kms-keys",
		Summary:     "KMS keys should be rotated at least every 90 days",
		Impact:      "Exposure is greater if the same keys are used over a long period",
		Resolution:  "Set key rotation period to 90 days",
		Explanation: `Keys should be rotated on a regular basis to limit exposure if a given key should become compromised.`,
		Links:       []string{},
		Terraform: &scan.EngineMetadata{
			GoodExamples:        terraformRotateKmsKeysGoodExamples,
			BadExamples:         terraformRotateKmsKeysBadExamples,
			Links:               terraformRotateKmsKeysLinks,
			RemediationMarkdown: terraformRotateKmsKeysRemediationMarkdown,
		},
		Severity: severity.High,
	},
	func(s *state.State) (results scan.Results) {
		for _, keyring := range s.Google.KMS.KeyRings {
			for _, key := range keyring.Keys {
				if key.RotationPeriodSeconds.GreaterThan(7776000) {
					results.Add(
						"Key has a rotation period of more than 90 days.",
						key.RotationPeriodSeconds,
					)
				} else {
					results.AddPassed(&key)
				}
			}
		}
		return
	},
)

Functions

This section is empty.

Types

This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL