Triage and Remediation
Remediation
Using Console
To remediate the misconfiguration “Bigtable Cluster Backups Should Be Encrypted With Customer Managed Keys” for GCP using GCP console, follow these steps:
- Open the Google Cloud Console and select the project where your Bigtable cluster is located.
- Go to the Cloud Bigtable section of the console and select your Bigtable instance.
- Click on the “Backups” tab and select the backup that you want to encrypt with a customer-managed key.
- Click on the “Edit” button next to the backup.
- In the “Encryption” section, select “Customer-managed key” from the drop-down menu.
- Click on the “Select a key” button and choose the customer-managed key that you want to use to encrypt the backup.
- Click on the “Save” button to save the changes.
- Repeat steps 3-7 for all the backups associated with your Bigtable cluster.
Using CLI
To remediate the misconfiguration of Bigtable Cluster Backups not being encrypted with customer-managed keys, you can follow the below steps using GCP CLI:
- Create a new key ring:
  Replace [KEYRING_NAME] with the name of the key ring you want to create and [LOCATION] with the location where you want to create the key ring.
- Create a new key:
  Replace [KEY_NAME] with the name of the key you want to create and [KEYRING_NAME] and [LOCATION] with the name of the key ring and location where you created the key ring in step 1.
- Grant the Cloud Key Management Service (KMS) service account permission to access the key:
  Replace [KEY_NAME], [KEYRING_NAME], [LOCATION], and [PROJECT_ID] with the name of the key, key ring, location, and project ID where you created the key ring.
- Enable encryption for Bigtable backups:
  Replace [CLUSTER_ID] with the ID of the Bigtable cluster you want to update, [KEY_NAME] with the name of the key you created in step 2, and 1 with the version number of the key.
After following these steps, all new backups for the Bigtable cluster will be encrypted with the customer-managed key.
Using Python
To remediate the misconfiguration “Bigtable Cluster Backups Should Be Encrypted With Customer Managed Keys” in GCP, you can follow the below steps using Python:
- First, create a customer-managed encryption key (CMEK) in the Cloud Key Management Service (KMS) using the following code:
- Next, enable encryption for your Bigtable cluster backups using the CMEK you just created:
- Finally, verify that encryption is enabled for your Bigtable cluster backups:
Note: Make sure to replace project_id, location_id, key_ring_id, key_id, instance_id, cluster_id, and key_name with your own values.
By following these steps, you can remediate the misconfiguration “Bigtable Cluster Backups Should Be Encrypted With Customer Managed Keys” in GCP using Python.
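For the verification step, the following is an added example and not code from the original page. It audits backup records in the JSON shape of the Bigtable Admin API Backup resource (encryptionInfo.encryptionType and encryptionInfo.kmsKeyVersion) and reports any backup that is not CMEK-protected or that uses a key other than the expected one. The function name audit_backups, the sample records and the placeholder resource names are constructed for illustration.

```python
import re

# A KMS key version name is the key name followed by /cryptoKeyVersions/N.
_KEY_VERSION_RE = re.compile(
    r"^(projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+)"
    r"/cryptoKeyVersions/\d+$"
)

def audit_backups(backups, expected_key=None):
    """Return (backup_name, reason) for each backup failing the CMEK check.

    backups: list of dicts shaped like the Admin API Backup resource.
    expected_key: optional full KMS key name the backups must use.
    """
    findings = []
    for b in backups:
        name = b.get("name", "<unnamed>")
        info = b.get("encryptionInfo") or {}
        etype = info.get("encryptionType", "ENCRYPTION_TYPE_UNSPECIFIED")
        if etype != "CUSTOMER_MANAGED_ENCRYPTION":
            findings.append((name, f"not CMEK ({etype})"))
            continue
        m = _KEY_VERSION_RE.match(info.get("kmsKeyVersion", ""))
        if not m:
            findings.append((name, "CMEK reported but kmsKeyVersion missing or malformed"))
        elif expected_key and m.group(1) != expected_key:
            findings.append((name, f"wrong key: {m.group(1)}"))
    return findings

# Constructed sample records with placeholder names (not real resources).
KEY = "projects/PROJECT_ID/locations/LOCATION/keyRings/KEYRING_NAME/cryptoKeys/KEY_NAME"
BASE = "projects/PROJECT_ID/instances/INSTANCE_ID/clusters/CLUSTER_ID/backups/"
SAMPLE = [
    {"name": BASE + "b-ok", "encryptionInfo": {
        "encryptionType": "CUSTOMER_MANAGED_ENCRYPTION",
        "kmsKeyVersion": KEY + "/cryptoKeyVersions/1"}},
    {"name": BASE + "b-default", "encryptionInfo": {
        "encryptionType": "GOOGLE_DEFAULT_ENCRYPTION"}},
    {"name": BASE + "b-otherkey", "encryptionInfo": {
        "encryptionType": "CUSTOMER_MANAGED_ENCRYPTION",
        "kmsKeyVersion": KEY + "-old/cryptoKeyVersions/3"}},
    {"name": BASE + "b-noinfo"},  # encryptionInfo absent: treated as a failure
]

if __name__ == "__main__":
    for name, reason in audit_backups(SAMPLE, expected_key=KEY):
        print(f"FAIL {name}: {reason}")
```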