
mysql encryption at rest (CKV_AZURE_96)

Open chielboogaard opened this issue 2 years ago • 1 comments

Describe the issue

CKV_AZURE_96 is giving back: Ensure that MySQL server enables infrastructure encryption. This is already on by default, as the Microsoft documentation states the following:

At-rest

The Azure Database for MySQL service uses the FIPS 140-2 validated cryptographic module for storage encryption of data at-rest. Data, including backups, are encrypted on disk, including the temporary files created while running queries. The service uses the AES 256-bit cipher included in Azure storage encryption, and the keys are system managed. Storage encryption is always on and can't be disabled.

source: https://learn.microsoft.com/en-us/azure/mysql/single-server/concepts-security

See Bicep example:

Examples

resource _mySQLServer 'Microsoft.DBforMySQL/flexibleServers@2022-01-01' = {
  name: toLower(format(subNameInfixInfra, 'MSS', Number))
  location: Location
  tags: Tags
  sku: Sku
  properties: {
    administratorLogin: AdministratorLogin
    administratorLoginPassword: AdministratorLoginPassword
    createMode: CreateMode
  }
}

Version (please complete the following information):

  • 3.1.17

Additional context

Add any other context about the problem here.

chielboogaard, Nov 28 '23 11:11

Still seems to be an active check for Azure Policy: https://learn.microsoft.com/en-us/azure/mysql/single-server/policy-reference

JamesWoolfenden, Nov 29 '23 13:11