Severity: High
Description: This control ensures that all Secrets in AWS secret manager are encrypted using KMS CMK. AWS Secrets Manager service provides secure management of information such as database credentials, passwords, third-party API keys, and arbitrary text. This information is termed as secrets and can be retrieved from centralized storage whenever needed. Use of KMS CMK is recommended to encrypt the secrets when stored at rest.
Remediation Steps:
Perform following to disable public access to cloud trail bucket :
Login to the AWS Management Console at https://console.aws.amazon.com
Go to Secret Manager in services
Click on the secret to be modified.
Click on Actions and select Edit encryption key.
Select an appropriate KMS Customer Managed Key (CMK) from the list.
Check Create new version of secret with new encryption key option.
Click Save.
Important:
Reference: