turbot/aws_compliance

Control: Secrets Manager secrets should be encrypted using CMK

Description

Checks whether each secret in AWS Secrets Manager is encrypted with the AWS managed key (aws/secretsmanager) or with a customer managed key that was created in AWS Key Management Service (AWS KMS). The rule is compliant if a secret is encrypted using a customer managed key. The rule is non-compliant if a secret is encrypted using aws/secretsmanager.
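
The compliance rule above, as an added Python example (not the mod's named query): it classifies secret records shaped like Secrets Manager ListSecrets output against a KMS key and alias inventory, including the case where a key ARN points at the AWS managed key. The sample records, account IDs, helper names and the `unknown` status for keys missing from the inventory are assumptions made for the illustration.

```python
# Added example; every record below is constructed sample data.
DEFAULT_ALIAS = "alias/aws/secretsmanager"

def key_reference(kms_key_id):
    """Strip an ARN prefix, leaving 'alias/<name>', 'key/<id>' or a bare key ID."""
    if kms_key_id.startswith("arn:"):
        return kms_key_id.split(":", 5)[5]
    return kms_key_id

def evaluate(secret, keys, aliases):
    """Classify one secret record per the control description."""
    raw = secret.get("KmsKeyId")
    if not raw:
        # Secrets Manager omits KmsKeyId when the default key is in use.
        return "non-compliant"
    ref = key_reference(raw)
    if ref == DEFAULT_ALIAS:
        return "non-compliant"
    if ref.startswith("alias/"):
        key_id = aliases.get(ref)
    else:
        key_id = ref[4:] if ref.startswith("key/") else ref
    key = keys.get(key_id)
    if key is None:
        # Key not in the supplied inventory (for example, another account).
        return "unknown"
    # A key ID or key ARN can still point at the AWS managed key.
    return "compliant" if key["KeyManager"] == "CUSTOMER" else "non-compliant"

def audit(secrets, keys, aliases):
    """Map each secret name to its classification."""
    return {s["Name"]: evaluate(s, keys, aliases) for s in secrets}

# Constructed inventory: key ID -> metadata, alias name -> target key ID.
KEYS = {"1111aaaa": {"KeyManager": "CUSTOMER"}, "2222bbbb": {"KeyManager": "AWS"}}
ALIASES = {"alias/app-secrets": "1111aaaa", DEFAULT_ALIAS: "2222bbbb"}
ARN = "arn:aws:kms:us-east-1:111122223333:"
SECRETS = [
    {"Name": "db/prod", "KmsKeyId": ARN + "alias/app-secrets"},
    {"Name": "api/token"},                                   # default key
    {"Name": "legacy/ftp", "KmsKeyId": ARN + "key/2222bbbb"},  # AWS managed, by ARN
    {"Name": "shared/partner",
     "KmsKeyId": "arn:aws:kms:us-east-1:999999999999:key/3333cccc"},
]

if __name__ == "__main__":
    for name, status in audit(SECRETS, KEYS, ALIASES).items():
        print(f"{status:14} {name}")
```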

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.secretsmanager_secret_encrypted_with_kms_cmk

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.secretsmanager_secret_encrypted_with_kms_cmk --share

SQL

This control uses a named query:

secretsmanager_secret_encrypted_with_kms_cmk
