Property
Language: terraform
Severity: critical
Service: compute
Provider: Google
Vulnerability Type: misconfiguration

Description

The Terraform configuration includes raw encryption keys in plaintext for Google Compute Engine disks, exposing sensitive key material directly in code. This practice bypasses secure key management and increases the risk of key compromise.

Impact

If exploited, attackers with access to the codebase or state files can obtain the encryption key, potentially allowing unauthorized decryption and access to all data on the affected disks, leading to data breaches and loss of confidentiality.

Resolution

Reference a managed key rather than include the key in raw format.
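
The flagged pattern beside a corrected one, as an added example that is not part of the original rule documentation. Resource names, zone, region, disk size and rotation period are assumptions chosen for illustration, and the `raw_key` value is a placeholder, not real key material.

```hcl
# Flagged pattern: the key material is written into the configuration and is
# also persisted in the Terraform state file.
resource "google_compute_disk" "raw_key_disk" {
  name = "example-raw-key-disk" # hypothetical name
  zone = "us-central1-a"        # hypothetical zone
  size = 10

  disk_encryption_key {
    raw_key = "BASE64_ENCODED_256_BIT_KEY_PLACEHOLDER" # placeholder, not a real key
  }
}

# Corrected pattern: the key lives in Cloud KMS; only its resource ID appears
# in code and state.
data "google_project" "current" {}

resource "google_kms_key_ring" "disks" {
  name     = "example-disk-keyring" # hypothetical name
  location = "us-central1"          # must match the disk's region (or be global)
}

resource "google_kms_crypto_key" "disk_key" {
  name            = "example-disk-key" # hypothetical name
  key_ring        = google_kms_key_ring.disks.id
  rotation_period = "7776000s" # 90 days; assumed rotation policy
}

# The Compute Engine service agent must be allowed to use the key,
# otherwise disk creation fails.
resource "google_kms_crypto_key_iam_member" "compute_agent" {
  crypto_key_id = google_kms_crypto_key.disk_key.id
  role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
  member        = "serviceAccount:service-${data.google_project.current.number}@compute-system.iam.gserviceaccount.com"
}

resource "google_compute_disk" "kms_disk" {
  name = "example-kms-disk" # hypothetical name
  zone = "us-central1-a"
  size = 10

  disk_encryption_key {
    kms_key_self_link = google_kms_crypto_key.disk_key.id
  }

  depends_on = [google_kms_crypto_key_iam_member.compute_agent]
}
```

If a raw key was ever committed or applied, treat it as compromised: it remains in version-control history and in prior state files even after the configuration is changed.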