TF 0058 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
The encryption key used to encrypt a compute disk has been specified in plaintext.
| Property | Value |
|---|---|
| Language | Terraform |
| Severity | |
| Service | compute |
| Provider | Google |
| Vulnerability Type | misconfiguration |
## Description
The Terraform configuration includes raw encryption keys in plaintext for Google Compute Engine disks, exposing sensitive key material directly in code. This practice bypasses secure key management and increases the risk of key compromise.
## Impact
If exploited, attackers with access to the codebase or state files can obtain the encryption key, potentially allowing unauthorized decryption and access to all data on the affected disks, leading to data breaches and loss of confidentiality.
## Resolution
Reference a managed key rather than including the key in raw form.
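The flagged pattern and its resolution side by side, as an added example that is not part of the database entry: a `google_compute_disk` carrying a literal `raw_key`, and the same disk referencing a Cloud KMS key instead. Resource names, zone, location and the key value are placeholders; the IAM binding assumes the project's Compute Engine service agent is the identity that must be allowed to use the key.

```hcl
# Added example, not code from the vulnerability database.
# All names and values below are placeholders.

# Flagged by TF 0058: the disk key is a literal in the configuration.
# The raw_key value is also written to the Terraform state file.
resource "google_compute_disk" "plaintext_key" {
  name = "data-disk-bad"
  type = "pd-ssd"
  zone = "us-central1-a"
  size = 100

  disk_encryption_key {
    # Placeholder 256-bit base64 key; key material never belongs in code.
    raw_key = "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0="
  }
}

# Resolved: the disk references a managed Cloud KMS key, so no key
# material appears in code or state, and rotation is handled by KMS.
resource "google_kms_key_ring" "disks" {
  name     = "disk-keys"
  location = "us-central1"
}

resource "google_kms_crypto_key" "disk" {
  name            = "compute-disk"
  key_ring        = google_kms_key_ring.disks.id
  rotation_period = "7776000s" # 90 days
}

# The Compute Engine service agent must be allowed to use the key,
# otherwise disk creation fails with a permission error.
data "google_project" "current" {}

resource "google_kms_crypto_key_iam_member" "compute_uses_disk_key" {
  crypto_key_id = google_kms_crypto_key.disk.id
  role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
  member        = "serviceAccount:service-${data.google_project.current.number}@compute-system.iam.gserviceaccount.com"
}

resource "google_compute_disk" "managed_key" {
  name = "data-disk-good"
  type = "pd-ssd"
  zone = "us-central1-a"
  size = 100

  disk_encryption_key {
    kms_key_self_link = google_kms_crypto_key.disk.id
  }

  depends_on = [google_kms_crypto_key_iam_member.compute_uses_disk_key]
}
```

A quick local check for the flagged pattern is to grep the configuration and state for `raw_key` inside a `disk_encryption_key` block; any match should be migrated to `kms_key_self_link` and the old key material treated as exposed.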