Unencrypted Secret Manager secret

Description

The Secret Manager service allows you to securely store and manage secrets, such as API keys and passwords, in a central location. By default, secrets stored in Secret Manager are encrypted at rest using Google's Key Management Service (KMS).
Encrypting your CodeBuild projects helps to protect the data stored in them from unauthorized access. This is especially important if your projects contain sensitive information such as passwords or proprietary data.

Fix - Buildtime

Terraform

  • Resource: aws_secretsmanager_secret
  • Argument: kms_key_id
resource "aws_secretsmanager_secret" "example" {
    name       = "example"
 +  kms_key_id = "arn:kuku:kisi"
}
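
The same build-time check can be run against a Terraform plan before apply. The following is an added example, not code from this page or from any scanner: the function name `secrets_without_kms_key` and the sample plan (addresses and ARN) are constructed for illustration, and the input is assumed to be the JSON produced by `terraform show -json <planfile>`. It also handles the case where the KMS key is created in the same plan, so its ARN is not yet known.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output,
# trimmed to the fields this check reads. Addresses and the ARN are made up.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_secretsmanager_secret.no_key", "type": "aws_secretsmanager_secret",
   "change": {"actions": ["create"],
              "after": {"name": "a", "kms_key_id": null}, "after_unknown": {}}},
  {"address": "aws_secretsmanager_secret.empty_key", "type": "aws_secretsmanager_secret",
   "change": {"actions": ["update"],
              "after": {"name": "b", "kms_key_id": ""}, "after_unknown": {}}},
  {"address": "aws_secretsmanager_secret.literal_key", "type": "aws_secretsmanager_secret",
   "change": {"actions": ["create"],
              "after": {"name": "c",
                        "kms_key_id": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE"},
              "after_unknown": {}}},
  {"address": "aws_secretsmanager_secret.new_key", "type": "aws_secretsmanager_secret",
   "change": {"actions": ["create"],
              "after": {"name": "d"}, "after_unknown": {"kms_key_id": true}}},
  {"address": "aws_secretsmanager_secret.removed", "type": "aws_secretsmanager_secret",
   "change": {"actions": ["delete"], "after": null, "after_unknown": {}}},
  {"address": "aws_kms_key.secrets", "type": "aws_kms_key",
   "change": {"actions": ["create"], "after": {}, "after_unknown": {"arn": true}}}
]}
""")


def secrets_without_kms_key(plan):
    """Return addresses of planned secrets that set no kms_key_id."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_secretsmanager_secret":
            continue
        change = rc.get("change") or {}
        if change.get("actions") == ["delete"]:
            continue  # resource is going away, nothing to encrypt
        after = change.get("after") or {}
        unknown = change.get("after_unknown") or {}
        # A key created in the same plan has no value yet: Terraform omits it
        # from "after" and marks it true in "after_unknown". Count that as set.
        if after.get("kms_key_id") or unknown.get("kms_key_id") is True:
            continue
        findings.append(rc["address"])
    return findings


if __name__ == "__main__":
    for address in secrets_without_kms_key(SAMPLE_PLAN):
        print("no kms_key_id:", address)
```
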