Block storage boot volumes should be encrypted with a Customer Managed Key (CMK)

Description

Oracle Cloud Infrastructure (OCI) block storage boot volumes should be encrypted with a Customer Managed Key (CMK) to provide enhanced security and control over encryption key lifecycle management. By default, block storage boot volumes are encrypted with Oracle-managed keys, but using Customer Managed Keys provides additional security benefits including key rotation control, access logging, and the ability to disable keys when needed.

This rule checks the kms_key_id configuration of OCI block storage boot volumes and fails when block storage boot volumes are not configured with a Customer Managed Key.
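The same check can be reproduced offline against a volume inventory. The following is an added example, not the rule's own implementation. It assumes input shaped like the JSON from `oci bv boot-volume list` (kebab-case field names), that Vault key OCIDs begin with `ocid1.key.`, and that terminated volumes are out of scope. All OCIDs are constructed placeholders.

```python
import json

# Constructed sample, shaped like the JSON printed by `oci bv boot-volume list`.
# All OCIDs below are placeholders, not real resources.
SAMPLE = json.dumps({"data": [
    {"id": "ocid1.bootvolume.oc1..example-a", "lifecycle-state": "AVAILABLE",
     "kms-key-id": "ocid1.key.oc1..example-key"},
    {"id": "ocid1.bootvolume.oc1..example-b", "lifecycle-state": "AVAILABLE",
     "kms-key-id": None},
    {"id": "ocid1.bootvolume.oc1..example-c", "lifecycle-state": "AVAILABLE",
     "kms-key-id": "  "},
    {"id": "ocid1.bootvolume.oc1..example-d", "lifecycle-state": "TERMINATED",
     "kms-key-id": None},
    {"id": "ocid1.bootvolume.oc1..example-e", "lifecycle-state": "AVAILABLE",
     "kms-key-id": "ocid1.vault.oc1..example-vault"},
]})

SKIP_STATES = {"TERMINATING", "TERMINATED"}  # assumption: deleted volumes are out of scope


def evaluate_boot_volumes(cli_json):
    """Return {volume_id: (status, reason)} where status is pass, fail or skip."""
    findings = {}
    if not cli_json.strip():  # tolerate an empty listing
        return findings
    for vol in json.loads(cli_json).get("data") or []:
        vol_id = vol.get("id", "<unknown>")
        # Accept the CLI's kebab-case name and the snake_case name used on this page.
        key = (vol.get("kms-key-id") or vol.get("kms_key_id") or "").strip()
        if vol.get("lifecycle-state") in SKIP_STATES:
            findings[vol_id] = ("skip", "volume is terminated or terminating")
        elif not key:
            findings[vol_id] = ("fail", "no kms_key_id: Oracle-managed key in use")
        elif not key.startswith("ocid1.key."):
            findings[vol_id] = ("fail", "kms_key_id is not a Vault key OCID")
        else:
            findings[vol_id] = ("pass", "customer managed key " + key)
    return findings


def failing_ids(findings):
    """Sorted ids of the volumes that need remediation."""
    return sorted(v for v, (status, _) in findings.items() if status == "fail")


if __name__ == "__main__":
    for vol_id, (status, reason) in evaluate_boot_volumes(SAMPLE).items():
        print(f"{status.upper():4} {vol_id}: {reason}")
```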

Remediation

To configure your OCI block storage boot volume with CMK encryption, specify a valid kms_key_id from the Oracle Cloud Infrastructure Vault service. For guidance on configuring block storage boot volume encryption with CMKs, refer to the Block Volume Encryption section of the Oracle Cloud Infrastructure Documentation.