
Enable disk encryption on managed disk

Default Severity: high

Explanation

Managed disks should be encrypted at rest. When the encryption_settings block is specified, its enabled attribute should be set to true.

Possible Impact

Data on the disk could be read if the disk is compromised

Suggested Resolution

Enable encryption on managed disks

Insecure Example

The following example will fail the azure-compute-enable-disk-encryption check.

 resource "azurerm_managed_disk" "bad_example" {
    encryption_settings {
        enabled = false
    }
 }

Secure Example

The following example will pass the azure-compute-enable-disk-encryption check.

 resource "azurerm_managed_disk" "good_example" {
    encryption_settings {
        enabled = true
    }
 }