Object Storage buckets should be encrypted with a Customer Managed Key (CMK)

Docs > Datadog Security > OOTB Rules > Object Storage buckets should be encrypted with a Customer Managed Key (CMK)

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Description

Oracle Cloud Infrastructure (OCI) Object Storage buckets should be encrypted with a Customer Managed Key (CMK) to provide enhanced security and control over encryption key lifecycle management. By default, Object Storage buckets are encrypted with Oracle-managed keys, but using Customer Managed Keys provides additional security benefits including key rotation control, access logging, and the ability to disable keys when needed.

This rule checks the kms_key_id configuration of OCI buckets and fails when buckets are not configured with a Customer Managed Key.

Remediation

To configure your OCI Object Storage bucket with CMK encryption, you need to specify a valid kms_key_id from Oracle Cloud Infrastructure Vault service. For guidance on configuring Object Storage bucket encryption with CMKs, refer to the Object Storage Data Encryption section of the Oracle Cloud Infrastructure Documentation.

Object Storage buckets should be encrypted with a Customer Managed Key (CMK)

Description

Remediation

How can I help you today?