Control: Container Instance container group should use customer-managed key for encryption
Description
Secure your containers with greater flexibility using customer-managed keys. When you specify a customer-managed key, that key is used to protect and control access to the key that encrypts your data. Using customer-managed keys provides additional capabilities to control rotation of the key encryption key or cryptographically erase data.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.container_instance_container_group_encrypted_using_cmk
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run azure_compliance.control.container_instance_container_group_encrypted_using_cmk --share
SQL
This control uses a named query:
select
  cg.id as resource,
  case
    when encryption_properties ->> 'keyName' is not null
      and encryption_properties ->> 'vaultBaseUrl' is not null then 'ok'
    else 'alarm'
  end as status,
  case
    when encryption_properties ->> 'keyName' is not null
      and encryption_properties ->> 'vaultBaseUrl' is not null then cg.title || ' encrypted with CMK.'
    else cg.title || ' not encrypted with CMK.'
  end as reason,
  cg.resource_group as resource_group,
  sub.display_name as subscription
from
  azure_container_group as cg,
  azure_subscription as sub
where
  sub.subscription_id = cg.subscription_id;
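The same ok/alarm test can be applied to an ARM template before deployment, so a container group without a customer-managed key is caught in review rather than by the control afterwards. The following is an added example, not part of the Powerpipe mod: it assumes a template whose `encryptionProperties` values are literals (not template expressions), and the sample template, resource names and the `check_container_groups` function are constructed for illustration.

```python
import json

CG_TYPE = "microsoft.containerinstance/containergroups"

# Constructed sample ARM template (not from the page): three container groups
# plus one unrelated resource that the check must ignore.
SAMPLE_TEMPLATE = json.loads("""
{
  "resources": [
    {"type": "Microsoft.ContainerInstance/containerGroups", "name": "cg-cmk",
     "properties": {"encryptionProperties": {
        "vaultBaseUrl": "https://example-vault.vault.azure.net",
        "keyName": "aci-key", "keyVersion": "<key-version>"}}},
    {"type": "Microsoft.ContainerInstance/containerGroups", "name": "cg-default",
     "properties": {}},
    {"type": "Microsoft.ContainerInstance/containerGroups", "name": "cg-partial",
     "properties": {"encryptionProperties": {"keyName": "aci-key"}}},
    {"type": "Microsoft.Storage/storageAccounts", "name": "ignored",
     "properties": {}}
  ]
}
""")


def check_container_groups(template):
    """Return (name, status, reason) per container group, mirroring the control."""
    results = []
    for res in template.get("resources", []):
        if res.get("type", "").lower() != CG_TYPE:
            continue
        enc = (res.get("properties") or {}).get("encryptionProperties")
        if not isinstance(enc, dict):
            enc = {}  # absent or null: platform-managed key only
        # Same test as the SQL: keyName and vaultBaseUrl must both be non-null.
        has_cmk = (enc.get("keyName") is not None
                   and enc.get("vaultBaseUrl") is not None)
        status = "ok" if has_cmk else "alarm"
        suffix = " encrypted with CMK." if has_cmk else " not encrypted with CMK."
        results.append((res["name"], status, res["name"] + suffix))
    return results


if __name__ == "__main__":
    for name, status, reason in check_container_groups(SAMPLE_TEMPLATE):
        print(f"{status:5} {reason}")
```

Like the query, this only confirms that a key name and vault URL are set; it does not verify that the key exists or that the container group can reach the vault.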