Control: Storage accounts should use customer-managed key for encryption
Description
Secure your storage account with greater flexibility using customer-managed keys. When you specify a customer-managed key, that key is used to protect and control access to the key that encrypts your data. Using customer-managed keys provides additional capabilities to control rotation of the key encryption key or cryptographically erase data.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.storage_account_encryption_at_rest_using_cmkSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.storage_account_encryption_at_rest_using_cmk --shareSQL
This control uses a named query:
storage_account_encryption_at_rest_using_cmk