This benchmark provides a set of controls that detect Terraform GCP KMS resources deviating from security best practices.
Browse dashboards and select KMS:
Or run the benchmarks in your terminal:
steampipe check terraform_gcp_compliance.benchmark.kms
Snapshot and share results via Steampipe Cloud:
steampipe loginsteampipe check --share terraform_gcp_compliance.benchmark.kms
- Ensure KMS encryption keys are rotated within a period of 90 days
- Check that CMEK rotation policy is in place and is sufficiently short