Updated on 2025-08-25 GMT+08:00

CSMS Secrets Must Use the Specified KMS Keys

Rule Details

Table 1 Rule details

| Parameter | Description |
|---|---|
| Rule Name | csms-secrets-using-cmk |
| Identifier | CSMS Secrets Must Use the Specified KMS Keys |
| Description | If a CSMS secret has not been configured with one of the specified KMS keys, this secret is non-compliant. |
| Tag | csms |
| Trigger Type | Configuration change |
| Filter Type | csms.secrets |
| Rule Parameters | kmsIdList: KMS key IDs. This value must be an array. |

Application Scenarios

When you create a CSMS secret, you need to select a KMS key that meets your requirements.

If an improper KMS key is used, data leakage or service interruption may occur.

Solution

Use a specified KMS key to create a CSMS secret.

Rule Logic

  • If a CSMS secret does not use one of the specified KMS keys, this secret is non-compliant.
  • If a CSMS secret uses one of the specified KMS keys, this secret is compliant.
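
The rule logic above can be mirrored in a local pre-check that runs before secrets are created or changed. The following is an added example, not code from this page or from the Config service. The record fields name and kms_key_id, the result labels, and every key ID are assumptions or constructed sample values.

```python
# Added example, not Config service code. The field names "name" and
# "kms_key_id" and the result labels are assumptions; key IDs are constructed.

def validate_kms_id_list(kms_id_list):
    """Enforce 'This value must be an array' before any comparison is made.

    A bare string must be rejected: Python's `in` on a string is a substring
    test, so a fragment of an approved key ID would wrongly match.
    """
    if isinstance(kms_id_list, (str, bytes)) or not isinstance(kms_id_list, (list, tuple)):
        raise TypeError("kmsIdList must be an array of KMS key IDs")
    for key_id in kms_id_list:
        if not isinstance(key_id, str) or not key_id:
            raise ValueError("kmsIdList entries must be non-empty strings")
    return frozenset(kms_id_list)


def evaluate_secret(secret, allowed):
    """Rule logic: compliant only if the secret uses one of the specified keys."""
    key_id = secret.get("kms_key_id")  # assumed field name
    # Exact comparison; a secret with no recorded key is not in the specified set.
    if isinstance(key_id, str) and key_id in allowed:
        return "Compliant"
    return "NonCompliant"


def evaluate(secrets, kms_id_list):
    """Return a {secret name: result} map for a list of secret records."""
    allowed = validate_kms_id_list(kms_id_list)
    return {s["name"]: evaluate_secret(s, allowed) for s in secrets}


# Constructed sample data
KMS_ID_LIST = ["11111111-aaaa-4bbb-8ccc-000000000001",
               "11111111-aaaa-4bbb-8ccc-000000000002"]
SECRETS = [
    {"name": "db-password", "kms_key_id": "11111111-aaaa-4bbb-8ccc-000000000001"},
    {"name": "api-token", "kms_key_id": "99999999-aaaa-4bbb-8ccc-00000000000f"},
    {"name": "legacy-cert", "kms_key_id": None},
    {"name": "partial-id", "kms_key_id": "11111111-aaaa"},
]

if __name__ == "__main__":
    for name, state in evaluate(SECRETS, KMS_ID_LIST).items():
        print(f"{name}: {state}")
```

The partial-id record shows why the array check matters: against a list it is non-compliant, but against a single string it would have matched as a substring.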