New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CSEK not supported by Pub/Sub #640

Open

luigi-bitonti opened this issue May 17, 2024 · 1 comment

luigi-bitonti commented May 17, 2024

Checkov check on a Pub/Sub resource says:

Ensure PubSub Topics are encrypted with Customer Supplied Encryption Keys (CSEK).

The link provided in the guide (https://github.com/hlxsites/prisma-cloud-docs/blob/main/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/ensure-gcp-pubsub-topics-are-encrypted-with-customer-supplied-encryption-keys-csek.adoc) gives the solution to using the kms_key_name variable.

I think there are 2 problems:

CSEK is not supported by Pub/Sub, but only by Google Cloud Storage and Google Compute Engine (https://cloud.google.com/docs/security/encryption/customer-supplied-encryption-keys)
The tested module is already using the kms_key_name variable

Contributor

jbrule commented Sep 18, 2024

No one appears to monitor these issues or pull requests

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment