AzPolicyAdvertizer

last sync: 2024-Sep-18 17:50:24 UTC

Azure Kubernetes Clusters should enable Key Management Service (KMS)

Azure BuiltIn Policy definition

Source Azure Portal
Display name Azure Kubernetes Clusters should enable Key Management Service (KMS)
Id dbbdc317-9734-4dd8-9074-993b29c69008
Version 1.0.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.0.0
Built-in Versioning [Preview]
Category Kubernetes
Microsoft Learn
Description Use Key Management Service (KMS) to encrypt secret data at rest in etcd for Kubernetes cluster security. Learn more at: https://aka.ms/aks/kmsetcdencryption.
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default
Audit
Allowed
Audit, Disabled
RBAC role(s) none
Rule aliases IF (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.ContainerService/managedClusters/securityProfile.azureKeyVaultKms.enabled Microsoft.ContainerService managedClusters properties.securityProfile.azureKeyVaultKms.enabled True False
Rule resource types IF (1)
Microsoft.ContainerService/managedClusters
Compliance Not a Compliance control
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
[Preview]: Control the use of AKS in a Virtual Enclave d300338e-65d1-4be3-b18e-fb4ce5715a8f VirtualEnclaves Preview BuiltIn
[Preview]: Control the use of AKS in a Virtual Enclave d300338e-65d1-4be3-b18e-fb4ce5715a8f VirtualEnclaves Preview BuiltIn
Enforce recommended guardrails for Kubernetes Enforce-Guardrails-Kubernetes Kubernetes GA ALZ
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-10-07 16:34:28 add dbbdc317-9734-4dd8-9074-993b29c69008
JSON compare n/a
JSON
api-version=2021-06-01
EPAC