Open luigi-bitonti opened 6 months ago
Checkov check on a Pub/Sub resource says:
Ensure PubSub Topics are encrypted with Customer Supplied Encryption Keys (CSEK).
The link provided in the guide (https://github.com/hlxsites/prisma-cloud-docs/blob/main/docs/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/ensure-gcp-pubsub-topics-are-encrypted-with-customer-supplied-encryption-keys-csek.adoc) gives using the kms_key_name variable as the solution.
I think there are 2 problems:
1) CSEK is not supported by Pub/Sub, but only by Google Cloud Storage and Google Compute Engine (https://cloud.google.com/docs/security/encryption/customer-supplied-encryption-keys).
2) The tested module is already using the kms_key_name variable.
No one appears to monitor these issues or pull requests