TF 0086 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cloud Storage buckets should be encrypted with a customer-managed key.
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Service | storage |
| Provider | |
Description
Cloud Storage buckets are configured without customer-managed encryption keys, relying instead on Google-managed keys, which limits control over key rotation and lifecycle management.
Impact
Without customer-managed keys, organizations cannot enforce their own encryption key policies, increasing the risk of unauthorized data access and making it harder to respond to key compromise or compliance requirements.
Resolution
Encrypt Cloud Storage buckets using customer-managed keys.
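
The following Terraform sketch is an added example, not taken from the rule's own documentation. It assumes the rule targets `google_storage_bucket` resources from the Google provider, and shows a bucket left on Google-managed keys next to one that sets a customer-managed default key. All resource names, bucket names, the location and the rotation period are placeholders.

```hcl
# Non-compliant: no encryption block, so objects are encrypted
# with Google-managed keys.
resource "google_storage_bucket" "google_managed" {
  name     = "example-bucket-google-managed" # placeholder name
  location = "EUROPE-WEST1"
}

# Customer-managed key. The key ring must be in a location
# compatible with the bucket's location.
resource "google_kms_key_ring" "storage" {
  name     = "example-storage-keyring" # placeholder name
  location = "europe-west1"
}

resource "google_kms_crypto_key" "bucket" {
  name            = "example-bucket-key" # placeholder name
  key_ring        = google_kms_key_ring.storage.id
  rotation_period = "7776000s" # 90 days; assumed policy, set your own

  lifecycle {
    prevent_destroy = true # destroying the key makes the data unreadable
  }
}

# The Cloud Storage service agent needs permission to use the key,
# otherwise writes to the bucket fail.
data "google_storage_project_service_account" "gcs" {}

resource "google_kms_crypto_key_iam_member" "gcs_use_key" {
  crypto_key_id = google_kms_crypto_key.bucket.id
  role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
  member        = "serviceAccount:${data.google_storage_project_service_account.gcs.email_address}"
}

# Compliant: default_kms_key_name points at the customer-managed key.
resource "google_storage_bucket" "cmek" {
  name     = "example-bucket-cmek" # placeholder name
  location = "EUROPE-WEST1"

  encryption {
    default_kms_key_name = google_kms_crypto_key.bucket.id
  }

  # Create the IAM binding first so the bucket can use the key immediately.
  depends_on = [google_kms_crypto_key_iam_member.gcs_use_key]
}
```

The default key applies to objects written after it is set; objects already in the bucket keep their existing encryption until they are rewritten.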