Open ocervell opened 5 years ago
We need to add an exclude for the GCPCMEKRotationConstraintV1, because once created, KMS keychains cannot be removed. As long as we don't have the 'delete keychain' option in the KMS API, we should be able to exclude unused keychains.
I'm not sure what the ask here is, should this be in policy-library?
Moved to policy-library.
We need to add an exclude for the GCPCMEKRotationConstraintV1, because once created, KMS keychains cannot be removed. As long as we don't have the 'delete keychain' option in the KMS API, we should be able to exclude unused keychains.