Language: hcl
Severity: low
CWE: CWE-320: CWE CATEGORY: Key Management Errors
OWASP: A03:2017 - Sensitive Data Exposure
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

The Cosmos DB account is not configured to use customer-managed keys for encrypting data at rest. This means Azure manages the encryption keys instead of your organization, reducing your control over data security.

Impact

If customer-managed keys are not used, your organization cannot control key rotation or revoke access independently, increasing the risk of unauthorized data access if Azure’s default keys are compromised. This can lead to potential data breaches and loss of compliance with security standards.
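
The configuration this rule flags, next to a corrected form, as an added Terraform example that is not part of the original rule page. The resource names are constructed, and `azurerm_resource_group.example` and `azurerm_key_vault_key.cosmos` are assumed to be declared elsewhere in the same module.

```hcl
# Flagged: key_vault_key_id is absent, so data at rest is encrypted
# with keys that Azure manages on the account's behalf.
resource "azurerm_cosmosdb_account" "service_managed" {
  name                = "example-cosmos-smk" # constructed name
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  offer_type          = "Standard"

  consistency_policy {
    consistency_level = "Session"
  }

  geo_location {
    location          = azurerm_resource_group.example.location
    failover_priority = 0
  }
}

# Corrected: the account is bound to a key held in the organization's
# own Key Vault, so rotation and revocation stay under its control.
resource "azurerm_cosmosdb_account" "customer_managed" {
  name                = "example-cosmos-cmk" # constructed name
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  offer_type          = "Standard"

  # Versionless key ID, so a new key version is picked up after
  # rotation. The Cosmos DB service identity must already be allowed
  # to get, wrap and unwrap with this key (assumed to be configured
  # on the Key Vault, not shown here).
  key_vault_key_id = azurerm_key_vault_key.cosmos.versionless_id

  consistency_policy {
    consistency_level = "Session"
  }

  geo_location {
    location          = azurerm_resource_group.example.location
    failover_priority = 0
  }
}
```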