Key Management Errors
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-320: CWE CATEGORY: Key Management Errors |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
This code creates a Google Pub/Sub topic in Terraform without specifying a customer-managed encryption key (CMEK). As a result, the topic will use default Google-managed encryption instead of your own keys, reducing control over data protection.
Impact
Without a customer-managed key, sensitive messages published to this topic could be less secure, increasing the risk of unauthorized access or exposure. Relying on Google-managed encryption also limits your ability to manage key rotation, revoke access, or comply with strict security and regulatory requirements.
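The flagged pattern from the description beside a corrected topic, as an added example that is not part of the original page. Resource names, the `global` key ring location and the 90-day rotation period are assumptions chosen for illustration.

```hcl
# Flagged: no kms_key_name, so the topic falls back to Google-managed encryption.
resource "google_pubsub_topic" "orders_default" {
  name = "orders-default" # hypothetical topic name
}

# Corrected: customer-managed key with scheduled rotation.
data "google_project" "current" {}

resource "google_kms_key_ring" "pubsub" {
  name     = "pubsub-keyring" # hypothetical name
  location = "global"         # assumption: pick a location that fits your storage policy
}

resource "google_kms_crypto_key" "pubsub" {
  name            = "pubsub-topic-key" # hypothetical name
  key_ring        = google_kms_key_ring.pubsub.id
  rotation_period = "7776000s" # 90 days (assumption)

  lifecycle {
    # Destroying the key makes data encrypted with it unrecoverable.
    prevent_destroy = true
  }
}

# The Pub/Sub service agent must be able to use the key,
# otherwise topic creation and publishing fail.
resource "google_kms_crypto_key_iam_member" "pubsub_agent" {
  crypto_key_id = google_kms_crypto_key.pubsub.id
  role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
  member        = "serviceAccount:service-${data.google_project.current.number}@gcp-sa-pubsub.iam.gserviceaccount.com"
}

resource "google_pubsub_topic" "orders_cmek" {
  name         = "orders-cmek" # hypothetical topic name
  kms_key_name = google_kms_crypto_key.pubsub.id

  # Create the topic only after the IAM grant exists.
  depends_on = [google_kms_crypto_key_iam_member.pubsub_agent]
}
```

Access to the topic's data can then be cut off by removing the IAM grant or by disabling the key version in Cloud KMS.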