Block storage volumes should be encrypted with a Customer Managed Key (CMK)

oci-compute
Esta página aún no está disponible en español. Estamos trabajando en su traducción.
Si tienes alguna pregunta o comentario sobre nuestro actual proyecto de traducción, no dudes en ponerte en contacto con nosotros.

Description

Oracle Cloud Infrastructure (OCI) block storage volumes should be encrypted with a Customer Managed Key (CMK) to provide enhanced security and control over encryption key lifecycle management. By default, block storage volumes are encrypted with Oracle-managed keys, but using Customer Managed Keys provides additional security benefits including key rotation control, access logging, and the ability to disable keys when needed.

This rule checks the kms_key_id configuration of OCI block storage volumes and fails when volumes are not configured with a Customer Managed Key.

Remediation

To configure your OCI block storage volume with CMK encryption, you need to specify a valid kms_key_id from Oracle Cloud Infrastructure Vault service. For guidance on configuring block storage volume encryption with CMKs, refer to the Block Volume Encryption section of the Oracle Cloud Infrastructure Documentation.