From 98a8ca9f59445e343a605a08cc0b3f688feea2cf Mon Sep 17 00:00:00 2001 From: Laiba Zaman Date: Fri, 24 Mar 2023 14:02:41 +0000 Subject: [PATCH 1/4] added sql remediation guide --- en/google/sql/sql-cmk-encryption.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 en/google/sql/sql-cmk-encryption.md diff --git a/en/google/sql/sql-cmk-encryption.md b/en/google/sql/sql-cmk-encryption.md new file mode 100644 index 000000000..e69de29bb From 96be347c3b6caf943324e61c566a82e6d6c398fd Mon Sep 17 00:00:00 2001 From: Laiba Zaman Date: Fri, 24 Mar 2023 14:03:51 +0000 Subject: [PATCH 2/4] added full guide --- en/google/sql/sql-cmk-encryption.md | 36 +++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/en/google/sql/sql-cmk-encryption.md b/en/google/sql/sql-cmk-encryption.md index e69de29bb..d5e207a3d 100644 --- a/en/google/sql/sql-cmk-encryption.md +++ b/en/google/sql/sql-cmk-encryption.md 
@@ -0,0 +1,36 @@ +[![CloudSploit](https://cloudsploit.com/img/logo-new-big-text-100.png "CloudSploit")](https://cloudsploit.com) + +# GOOGLE / SQL / SQL CMK Encryption + +## Quick Info + +| | | +|-|-| +| **Plugin Title** | SQL CMK Encryption | +| **Cloud** | GOOGLE | +| **Category** | SQL | +| **Description** | Intended for organizations that have sensitive or regulated data that requires them to manage their own encryption keys. | +| **More Info** | The CMEK feature lets you use your own cryptographic keys for data at rest in Cloud SQL. After adding customer-managed encryption keys, whenever an API call is made, Cloud SQL uses your key to access data. | +| **GOOGLE Link** | https://cloud.google.com/sql/docs/mysql/create-manage-users | +| **Recommended Action** | Use default encryption keys. | + +## Detailed Remediation Steps +1. In the Google Cloud console, go to the Cloud Storage Buckets page. + + [Go to Buckets](https://console.cloud.google.com/storage/browser) + +2. In the list of buckets, click on the desired bucket. + +3. In the bucket details page, click on the Configuration tab. + +4. Click on the Pencil icon associated with the Encryption type entry. + +5. Set or remove the default Cloud KMS key for the bucket. + + a. If the bucket isn't currently using a Cloud KMS key, select the Customer-managed key radio button, then select one of the available keys in the associated drop-down menu. + + b. If the bucket currently uses a Cloud KMS key, change the Cloud KMS key in the drop-down menu, or remove the Cloud KMS key by selecting the Google-managed key radio button. + +6. Click Save. + +To learn how to get detailed error information about failed Cloud Storage operations in the Google Cloud console, see [Troubleshooting](https://cloud.google.com/storage/docs/troubleshooting#trouble-console). \ No newline at end of file From 6be509b7693130cd0ba5dbecec606b068fa08fbb Mon Sep 17 00:00:00 2001 
From: Laiba Zaman Date: Tue, 28 Mar 2023 14:19:21 +0000 Subject: [PATCH 3/4] fixed guide --- en/google/sql/sql-cmk-encryption.md | 29 ++++++++--------------------- 1 file changed, 8 insertions(+), 21 deletions(-) diff --git a/en/google/sql/sql-cmk-encryption.md b/en/google/sql/sql-cmk-encryption.md index d5e207a3d..bf0df76fb 100644 --- a/en/google/sql/sql-cmk-encryption.md +++ b/en/google/sql/sql-cmk-encryption.md 
@@ -9,28 +9,15 @@ | **Plugin Title** | SQL CMK Encryption | | **Cloud** | GOOGLE | | **Category** | SQL | -| **Description** | Intended for organizations that have sensitive or regulated data that requires them to manage their own encryption keys. | -| **More Info** | The CMEK feature lets you use your own cryptographic keys for data at rest in Cloud SQL. After adding customer-managed encryption keys, whenever an API call is made, Cloud SQL uses your key to access data. | -| **GOOGLE Link** | https://cloud.google.com/sql/docs/mysql/create-manage-users | -| **Recommended Action** | Use default encryption keys. | +| **Description** | Ensure that Cloud SQL instances are encrypted using Customer Managed Keys (CMKs). | +| **More Info** | By default, your Google Cloud SQL instances are encrypted using Google-managed keys. To have a better control over the encryption process of your Cloud SQL instances you can use Customer-Managed Keys (CMKs). | +| **GOOGLE Link** | "https://cloud.google.com/sql/docs/sqlserver/cmek" | +| **Recommended Action** | Ensure that all Google Cloud SQL instances have desired encryption level.| ## Detailed Remediation Steps -1. In the Google Cloud console, go to the Cloud Storage Buckets page. +1. In the Google Cloud console, go to the Cloud SQL Instances page. - [Go to Buckets](https://console.cloud.google.com/storage/browser) + [Go to Cloud SQL Instances](https://console.cloud.google.com/sql) -2. In the list of buckets, click on the desired bucket. - -3. In the bucket details page, click on the Configuration tab. - -4. Click on the Pencil icon associated with the Encryption type entry. - -5. Set or remove the default Cloud KMS key for the bucket. - - a. If the bucket isn't currently using a Cloud KMS key, select the Customer-managed key radio button, then select one of the available keys in the associated drop-down menu. - - b. 
If the bucket currently uses a Cloud KMS key, change the Cloud KMS key in the drop-down menu, or remove the Cloud KMS key by selecting the Google-managed key radio button. - -6. Click Save. - -To learn how to get detailed error information about failed Cloud Storage operations in the Google Cloud console, see [Troubleshooting](https://cloud.google.com/storage/docs/troubleshooting#trouble-console). \ No newline at end of file +2. In the Instances list, scroll to the right until you see the Encryption column. In this column, you see Google-managed and Customer-managed. +3. Click an instance name to open its Overview page. The customer-managed encryption key is listed in the Configuration pane. \ No newline at end of file From bd6480184f61722a444261d77fc106e6124fe3f6 Mon Sep 17 00:00:00 2001 From: Amanda Reed <96201528+areed42@users.noreply.github.com> Date: Tue, 4 Apr 2023 14:41:05 -0400 Subject: [PATCH 4/4] Update sql-cmk-encryption.md --- en/google/sql/sql-cmk-encryption.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/en/google/sql/sql-cmk-encryption.md b/en/google/sql/sql-cmk-encryption.md index bf0df76fb..962fa19b2 100644 --- a/en/google/sql/sql-cmk-encryption.md +++ b/en/google/sql/sql-cmk-encryption.md @@ -20,4 +20,5 @@ [Go to Cloud SQL Instances](https://console.cloud.google.com/sql) 2. In the Instances list, scroll to the right until you see the Encryption column. In this column, you see Google-managed and Customer-managed. -3. Click an instance name to open its Overview page. The customer-managed encryption key is listed in the Configuration pane. \ No newline at end of file +3. Click an instance name to open its Overview page. The customer-managed encryption key is listed in the Configuration pane. + - Note that Customer Managed Encryption Keys can only be configured during instance creation.
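Review bot: In PATCH 2/4, the "Detailed Remediation Steps" section (steps 1 to 6 and the closing Troubleshooting link) describes setting a default Cloud KMS key on a Cloud Storage bucket, not on a Cloud SQL instance, so it does not match the plugin title "SQL CMK Encryption". The Quick Info table has the same mismatch: the GOOGLE Link points to `.../sql/docs/mysql/create-manage-users`, and the Recommended Action "Use default encryption keys." contradicts a check whose More Info row is about customer-managed keys. PATCH 3/4 rewrites all of these lines, so consider squashing 1/4 through 3/4 so the empty file and the Cloud Storage text never land in history.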
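Review bot: In PATCH 3/4, the new steps 1 to 3 only show where to look (the Encryption column in the Instances list and the key in the Configuration pane); nothing under "Detailed Remediation Steps" changes how an instance is encrypted, and the Recommended Action "Ensure that all Google Cloud SQL instances have desired encryption level." does not say what the desired level is. Suggest wording the action to match the new Description (instances encrypted with customer-managed keys) and adding the step that gets a failing instance there. Smaller points in the same hunk: the GOOGLE Link value is wrapped in literal double quotes, which will show in the rendered table cell and differs from the bare URL it replaces; step 3 follows step 2 without the blank line used between steps 1 and 2; "To have a better control" should read "To have better control"; and the file still ends without a trailing newline.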
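Review bot: In PATCH 4/4, the sub-bullet added under step 3 says customer-managed keys can only be configured during instance creation, which means steps 1 to 3 cannot remediate an instance that shows Google-managed, yet the guide ends on that note without saying what to do next. Suggest promoting it to its own numbered step that tells the reader how to handle a failing instance (for example, create a new instance with a customer-managed key selected and move the data to it). The bullet also introduces a third spelling, "Customer Managed Encryption Keys", alongside "Customer Managed Keys (CMKs)" and "Customer-Managed Keys (CMKs)" in the Quick Info table; pick one term and use it throughout.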