Skip to content

Commit

Permalink
Merge pull request #100 from rtkwlf/nshawahna/AWN-194629
Browse files Browse the repository at this point in the history
[AWN-194629] Remediation guide for plugin: Dataset All Users Policy
  • Loading branch information
nuhasha authored Apr 4, 2023
2 parents 3ef426b + 79bbe6d commit 4c82ed4
Showing 1 changed file with 26 additions and 0 deletions.
26 changes: 26 additions & 0 deletions en/google/bigquery/tables-cmk-encrypted.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
[![CloudSploit](https://cloudsploit.com/img/logo-new-big-text-100.png "CloudSploit")](https://cloudsploit.com)

# GOOGLE / BigQuery / Tables CMK Encrypted

## Quick Info

| | |
|-|-|
| **Plugin Title** | Tables CMK Encrypted |
| **Cloud** | GOOGLE |
| **Category** | BigQuery |
| **Description** | Ensure that BigQuery dataset tables are encrypted using desired encryption protection level. |
| **More Info** | By default Google encrypts all dataset tables using Google-managed encryption keys. To have more control over the encryption process of your BigQuery dataset tables you can use Customer-Managed Keys (CMKs). |
| **GOOGLE Link** | https://cloud.google.com/bigquery/docs/dataset-access-controls |
| **Recommended Action** | Ensure that each BigQuery dataset table has desired encryption level. |

## Detailed Remediation Steps
1. To change a table from default encryption to Cloud KMS protection https://cloud.google.com/bigquery/docs/customer-managed-encryption#change_to_kms

To determine if a table is protected by Cloud KMS:
1. Sign in to Google Cloud Management Console.
2. Select the Google Cloud Platform (GCP) project that you want to examine from the console top navigation bar.
3. Navigate to Google Cloud BigQuery dashboard at https://console.cloud.google.com/bigquery.
4. In the Explorer pane, expand your project and select a dataset name, and click on the specific BigQuery table that you want to examine.
5. Select the Details tab to access the configuration details available for the selected table.
6. On the Details panel, within the Table info section, search for the Customer-managed key configuration attribute. If the Customer-managed key attribute is not listed in the table information section, the selected Google Cloud BigQuery dataset table is not encrypted using a Customer-Managed Key (CMK).

0 comments on commit 4c82ed4

Please sign in to comment.