KMS Encryption Check
Rule Details
Parameter | Description |
---|---|
Rule Name | dws-enable-kms |
Identifier | KMS Encryption Check |
Description | If KMS encryption is not enabled for a GaussDB(DWS) cluster, this cluster is non-compliant. |
Tag | dws |
Trigger Type | Configuration change |
Filter Type | dws.clusters |
Rule Parameters | None |
Application Scenarios
In GaussDB(DWS), you can enable database encryption for a cluster to protect static data (data at rest). After you enable encryption, the data of the cluster and its snapshots is encrypted. GaussDB(DWS) encrypts data as it is written to the database and automatically decrypts it when it is queried, returning the results to the user. For details, see Using KMS to Encrypt GaussDB(DWS) Clusters.
Solution
Encryption is an optional setting that is configured during cluster creation and is immutable: it cannot be changed on an existing cluster. To encrypt an unencrypted cluster, you must export all data from the unencrypted cluster and import it into a new cluster that has database encryption enabled.
Rule Logic
- If KMS encryption is enabled for a GaussDB(DWS) cluster, this cluster is compliant.
- If KMS encryption is not enabled for a GaussDB(DWS) cluster, this cluster is non-compliant.