diff --git a/README.md b/README.md index 648d99454..64ac119f0 100644 --- a/README.md +++ b/README.md @@ -368,6 +368,7 @@ This repository is an extension of CloudSploit's [open-source scanning engine](h * [Bucket Versioning](en/google/storage/bucket-versioning.md) * [Bucket Lifecycle Configured](en/google/storage/bucket-lifecycle-configured.md) * [Storage Bucket All Users Policy](en/google/storage/storage-bucket-all-users-policy.md) + * [Bucket Encryption](en/google/storage/bucket-encryption.md) * VPC Network * [Default VPC In Use](en/google/vpcnetwork/default-vpc-in-use.md) * [Excessive Firewall Rules](en/google/vpcnetwork/excessive-firewall-rules.md) diff --git a/en/google/storage/bucket-encryption.md b/en/google/storage/bucket-encryption.md new file mode 100644 index 000000000..28f744e96 --- /dev/null +++ b/en/google/storage/bucket-encryption.md @@ -0,0 +1,25 @@ +[![CloudSploit](https://cloudsploit.com/img/logo-new-big-text-100.png "CloudSploit")](https://cloudsploit.com) + +# GOOGLE / Storage / Bucket Encryption + +## Quick Info + +| | | +|-|-| +| **Plugin Title** | Bucket Encryption | +| **Cloud** | GOOGLE | +| **Category** | Storage | +| **Description** | Ensure that Cloud Storage buckets have encryption enabled using desired protection level. | +| **More Info** | By default, all storage buckets are encrypted using Google-managed keys. To have better control over how your storage bucktes are encrypted, you can use Customer-Managed Keys (CMKs). | +| **GOOGLE Link** | https://cloud.google.com/storage/docs/encryption/customer-managed-keys | +| **Recommended Action** | Ensure that all storage buckets have desired encryption level. | + +## Detailed Remediation Steps +1. Log into the Google Cloud Platform Console. +2. Scroll down the left navigation panel and choose "Cloud Storage" to select the "Buckets" option.
+3. On the "Buckets" page, select the bucket which needs to be configured with the desire encryption level .
+4. Select the "CONFIGURATION" tab to access the configuration defined for selected bucket.
+5. Select on Encryption type and click on edit option.
+5. A popup panel will appear on screen.
+6. Select the desire encryption level want to set on selected bucket and then click "Save"
+7. Repeat steps number 4-6 to configure encryption of desire level to all other buckets in the project.
diff --git a/resources/google/storage/bucket-encryption/step2.png b/resources/google/storage/bucket-encryption/step2.png new file mode 100644 index 000000000..d9415eee8 Binary files /dev/null and b/resources/google/storage/bucket-encryption/step2.png differ diff --git a/resources/google/storage/bucket-encryption/step3.png b/resources/google/storage/bucket-encryption/step3.png new file mode 100644 index 000000000..d6a336640 Binary files /dev/null and b/resources/google/storage/bucket-encryption/step3.png differ diff --git a/resources/google/storage/bucket-encryption/step4.png b/resources/google/storage/bucket-encryption/step4.png new file mode 100644 index 000000000..2a141168c Binary files /dev/null and b/resources/google/storage/bucket-encryption/step4.png differ diff --git a/resources/google/storage/bucket-encryption/step5.png b/resources/google/storage/bucket-encryption/step5.png new file mode 100644 index 000000000..915cb97f4 Binary files /dev/null and b/resources/google/storage/bucket-encryption/step5.png differ diff --git a/resources/google/storage/bucket-encryption/step6.png b/resources/google/storage/bucket-encryption/step6.png new file mode 100644 index 000000000..71c1d16ee Binary files /dev/null and b/resources/google/storage/bucket-encryption/step6.png differ
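Review bot: In en/google/storage/bucket-encryption.md the remediation list numbers two consecutive steps "5." ("Select on Encryption type and click on edit option." and "A popup panel will appear on screen."), so the list runs 1, 2, 3, 4, 5, 5, 6, 7 and the closing "Repeat steps number 4-6" no longer points at an unambiguous range. Renumber the steps 1-8 and update the range in the last step; as written it also skips step 3, which is where the next bucket gets selected. The patch adds step2.png through step6.png under resources/google/storage/bucket-encryption/, but none of the steps in this file embed or link them, so either reference each image from its step or leave the files out. Wording to fix in the same pass: "bucktes" in the More Info row, "desire encryption level" in steps 3, 6 and 7 (should be "desired"), the stray space before the period in step 3, and the missing period at the end of step 6. Description and Recommended Action both say only "desired" protection or encryption level without naming the available levels, so a reader cannot tell what a passing bucket looks like; listing the options the check accepts would make the page actionable.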