GCP BigQuery Tables Should Be Encrypted
More Info:
Ensure that BigQuery Tables should be encryptedRisk Level
HighAddress
SecurityCompliance Standards
GDPR, NISTCSF, PCIDSSTriage and Remediation
Remediation
Using Console
Using Console
To remediate the misconfiguration of GCP BigQuery Tables should be encrypted, you can follow the below steps using GCP console:
- Open the Google Cloud Console and select your project.
- In the navigation menu, select “BigQuery” under the “Big Data” section.
- Select the dataset that contains the tables you want to encrypt.
- Click on the “Encrypt” button in the top menu bar.
- Select the “Customer-managed key” option.
- Choose the key you want to use to encrypt the data.
- Click on the “Encrypt” button to start the encryption process.
- Wait for the encryption process to complete.
- Once the encryption process is complete, all the tables in the selected dataset will be encrypted using the customer-managed key.
- Verify that the tables are encrypted by checking the “Encryption” column in the table list. It should show “Customer-managed key”.
Using CLI
Using CLI
To remediate the misconfiguration “GCP BigQuery Tables Should Be Encrypted” for GCP using GCP CLI, follow these steps:Note: Replace Note: Replace Note: Replace Note: Replace The output should show that the table is encrypted using the specified key.By following these steps, you can remediate the misconfiguration “GCP BigQuery Tables Should Be Encrypted” for GCP using GCP CLI.
- Open the Cloud Shell from the GCP console.
- Run the following command to enable the Cloud KMS API:
- Create a new keyring for BigQuery table encryption by running the following command:
<KEYRING_NAME> with a name of your choice and <LOCATION> with the location where you want to create the keyring.
4. Create a new key in the keyring by running the following command:<KEY_NAME> with a name of your choice and <KEYRING_NAME> and <LOCATION> with the names you used in step 3.
5. Grant the BigQuery service account the necessary permissions to use the key by running the following command:<KEY_NAME>, <KEYRING_NAME>, <LOCATION>, and <BIGQUERY_SERVICE_ACCOUNT_EMAIL> with the appropriate values.
6. Update the BigQuery table to use the new key for encryption by running the following command:<KEY_NAME>, <DATASET_NAME>, and <TABLE_NAME> with the appropriate values.
7. Verify that the BigQuery table is now encrypted by running the following command:Using Python
Using Python
To remediate the misconfiguration “GCP BigQuery Tables Should Be Encrypted”, you can use the following steps:
- Install the Google Cloud SDK by following the instructions provided in the official documentation.
-
Once you have installed the Google Cloud SDK, authenticate with your GCP account by running the following command:
-
Create a Python script to encrypt all the tables in your BigQuery dataset. You can use the following code as a starting point:
Replace the
your_dataset_id,your_project_id,your_location,your_key_ring, andyour_crypto_keyplaceholders with the actual values. -
Save the Python script and run it using the following command:
This will encrypt all the tables in your BigQuery dataset using the specified KMS key.
-
Verify that the tables have been encrypted by running the following command:
This will display the table metadata, including the encryption configuration.