Block storage volumes should be encrypted with a Customer Managed Key (CMK)

Docs > Plateforme de sécurité Datadog > OOTB Rules > Block storage volumes should be encrypted with a Customer Managed Key (CMK)

Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Description

Oracle Cloud Infrastructure (OCI) block storage volumes should be encrypted with a Customer Managed Key (CMK) to provide enhanced security and control over encryption key lifecycle management. By default, block storage volumes are encrypted with Oracle-managed keys, but using Customer Managed Keys provides additional security benefits including key rotation control, access logging, and the ability to disable keys when needed.

This rule checks the kms_key_id configuration of OCI block storage volumes and fails when volumes are not configured with a Customer Managed Key.

Remediation

To configure your OCI block storage volume with CMK encryption, you need to specify a valid kms_key_id from Oracle Cloud Infrastructure Vault service. For guidance on configuring block storage volume encryption with CMKs, refer to the Block Volume Encryption section of the Oracle Cloud Infrastructure Documentation.

Block storage volumes should be encrypted with a Customer Managed Key (CMK)

Description

Remediation

How can I help you today?