Help Center/ Config/ User Guide/ Resource Compliance/ Built-In Policies/ Data Encryption Workshop/ CSMS Secrets Must Use the Specified KMS Keys

Updated on 2025-08-25 GMT+08:00

View PDF

CSMS Secrets Must Use the Specified KMS Keys

Rule Details

**Table 1** Rule details
Parameter	Description
Rule Name	csms-secrets-using-cmk
Identifier	CSMS Secrets Must Use the Specified KMS Keys
Description	If a CSMS secret has not been configured with one of the specified KMS keys, this secret is non-compliant.
Tag	csms
Trigger Type	Configuration change
Filter Type	csms.secrets
Rule Parameters	kmsIdList: KMS key IDs. This value must be an array.

Application Scenarios

When you create a CSMS secret, you need to select a KMS key that meets your requirements.

If an improper KMS key is used, data leakage or service interruption may occur.

Solution

Use a specified KMS key to create a CSMS secret.

Rule Logic

If a CSMS secret does not use one of the specified KMS keys, this secret is non-compliant.
If a CSMS secret uses one of the specified KMS keys, this secret is compliant.

Parent topic: Data Encryption Workshop

Previous topic: CSMS Secrets Have Enabled Automatic Rotation

Next topic: CSMS Secrets Have Been Rotated Within the Specified Period

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.