enable-disk-encryption
Explanation
Manage disks should be encrypted at rest. When specifying the encryption_settings
block, the enabled attribute should be set to true
.
Possible Impact
Data could be read if compromised
Suggested Resolution
Enable encryption on managed disks
Insecure Example
The following example will fail the azure-compute-enable-disk-encryption check.
resource "azurerm_managed_disk" "bad_example" {
encryption_settings {
enabled = false
}
}
Secure Example
The following example will pass the azure-compute-enable-disk-encryption check.
resource "azurerm_managed_disk" "good_example" {
encryption_settings {
enabled = true
}
}