Loading controls...
Control: Secrets Manager secrets should be encrypted using CMK
Description
Ensure that all secrets in AWS Secrets Manager are encrypted using the AWS managed key (aws/secretsmanager) or a customer managed key that was created in AWS Key Management Service (AWS KMS). The rule is compliant if a secret is encrypted using a customer managed key. This rule is non-compliant if a secret is encrypted using aws/secretsmanager.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.secretsmanager_secret_encrypted_with_kms_cmk
Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run aws_compliance.control.secretsmanager_secret_encrypted_with_kms_cmk --share
SQL
This control uses a named query:
secretsmanager_secret_encrypted_with_kms_cmk