Mods

turbot/terraform_gcp_compliance

GitHub
Overview
9Dashboards
55Controls
55Queries
0Variables
GitHub
Loading controls...
On This Page
Description
Usage
SQL
Tags
Get Involved
Edit on GitHub
Discuss on Slack

Control: Ensure that a Default Customer-managed encryption key (CMEK) is specified for all BigQuery Data Sets

Description

BigQuery by default encrypts the data as rest by employing Envelope Encryption using Google managed cryptographic keys. The data is encrypted using the data encryption keys and data encryption keys themselves are further encrypted using key encryption keys. This is seamless and do not require any additional input from the user. However, if you want to have greater control, Customer-managed encryption keys (CMEK) can be used as encryption key management solution for BigQuery Data Sets.

Usage

Run the control in your terminal:

steampipe check terraform_gcp_compliance.control.bigquery_dataset_encrypted_with_cmk

Snapshot and share results via Steampipe Cloud:

steampipe login
steampipe check --share terraform_gcp_compliance.control.bigquery_dataset_encrypted_with_cmk

SQL

This control uses a named query:

bigquery_dataset_encrypted_with_cmk

Tags

category = Compliance
cis = true
cis_item_id = 7.3
cis_level = 2
cis_type = automated
plugin = terraform
service = GCP/BigQuery