Severity: High

Description: This control ensures that all secrets in AWS Secrets Manager are encrypted with a KMS customer managed key (CMK). AWS Secrets Manager provides secure management of information such as database credentials, passwords, third-party API keys, and arbitrary text. These items are called secrets and can be retrieved from centralized storage whenever needed. Encrypting secrets at rest with a KMS CMK is recommended.

Remediation Steps:

Perform the following to encrypt a secret with a KMS CMK:

  1. Log in to the AWS Management Console at https://console.aws.amazon.com

  2. Go to Secrets Manager under Services.

  3. Click on the secret to be modified.

  4. Click on Actions and select Edit encryption key.

  5. Select an appropriate KMS Customer Managed Key (CMK) from the list.

  6. Check the "Create new version of secret with new encryption key" option.

  7. Click Save.
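To find which secrets still need the steps above, the following added example (not part of the original page) flags secrets that are not encrypted with a customer managed key. It assumes input shaped like the `SecretList` entries returned by the Secrets Manager ListSecrets API; the function names and the sample account, key ID and secret names are constructed for illustration.

```python
"""Flag Secrets Manager secrets not encrypted with a KMS CMK (added example)."""

AWS_MANAGED_ALIAS = "alias/aws/secretsmanager"


def uses_cmk(secret, key_manager=None):
    """True if a ListSecrets entry is encrypted with a customer managed key.

    key_manager: optional callable mapping a key ID/ARN to "AWS" or "CUSTOMER"
    (for example backed by kms:DescribeKey). Without it, any explicit key
    other than the aws/secretsmanager alias is treated as a CMK.
    """
    key_id = secret.get("KmsKeyId")
    # The API omits KmsKeyId when the AWS managed key aws/secretsmanager is used.
    if not key_id or key_id.endswith(AWS_MANAGED_ALIAS):
        return False
    if key_manager is not None:
        return key_manager(key_id) == "CUSTOMER"
    return True


def non_compliant(secrets, key_manager=None):
    """Names of secrets that fail the control, sorted for stable reporting."""
    return sorted(s["Name"] for s in secrets if not uses_cmk(s, key_manager))


def live_audit(region):
    """Run the check against a real account (needs boto3 and read permissions)."""
    import boto3  # imported lazily so the offline sample below runs without it

    sm = boto3.client("secretsmanager", region_name=region)
    kms = boto3.client("kms", region_name=region)

    def manager(key_id):
        return kms.describe_key(KeyId=key_id)["KeyMetadata"]["KeyManager"]

    pages = sm.get_paginator("list_secrets").paginate()
    secrets = [s for page in pages for s in page["SecretList"]]
    return non_compliant(secrets, manager)


# Constructed sample entries (placeholder account and key IDs).
KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
SAMPLE = [
    {"Name": "prod/db/password", "KmsKeyId": KEY_ARN},
    {"Name": "dev/api/token"},  # no KmsKeyId: default AWS managed key
    {"Name": "ci/deploy/key", "KmsKeyId": "alias/aws/secretsmanager"},
]

if __name__ == "__main__":
    print(non_compliant(SAMPLE))
```

Passing a `key_manager` lookup also catches a secret whose `KmsKeyId` is the full ARN of the AWS managed key, which the offline check alone would accept.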

Important:

Reference:
