Control: Check that CMEK rotation policy is in place and is sufficiently short
Google Cloud Key Management Service stores cryptographic keys in a hierarchical structure designed for useful and elegant access control management. The format for the rotation schedule depends on the client library that is used.
Run the control in your terminal:
steampipe check terraform_gcp_compliance.control.kms_key_rotated_within_100_day
Snapshot and share results via Steampipe Cloud:
steampipe loginsteampipe check --share terraform_gcp_compliance.control.kms_key_rotated_within_100_day
This control uses a named query:kms_key_rotated_within_100_day