Azure - VM Disk Double Encryption Plugin #1813
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
mehakseedat63
force-pushed
the
azure/vm_disk_double_encryption
branch
3 times, most recently
from
a1a73cb to
66930c4
Compare
alphadev4
reviewed
Dec 29, 2023
alphadev4
reviewed
Dec 29, 2023
| domain: 'Compute', | ||
| description: 'Ensures that VM disks are encrypted at rest using both platform and customer managed keys.', | ||
| more_info: 'Using double encryption for VM disks adds an extra layer of protection using a different encryption algorithm/mode at the infrastructure layer using platform managed encryption keys and provides an additional level of security if one of the keys is compromised.', | ||
| recommended_action: 'Enable double encryption for all VM disks.', |
There was a problem hiding this comment.
i think we cannot enabled double encryption after vm disk is created
alphadev4
reviewed
Dec 29, 2023
| if (!disk.id) continue; | ||
|
|
||
| if (disk.encryption && disk.encryption.type && disk.encryption.type.toLowerCase() === 'encryptionatrestwithplatformandcustomerkeys'){ | ||
| helpers.addResult(results, 0, 'VM disk is encrypted using both platform and customer managed keys', location, disk.id); |
There was a problem hiding this comment.
i think we should have the message as VM Disk has double encryption enabled. ( Mapping as plugin name )
alphadev4
reviewed
Dec 29, 2023
| if (disk.encryption && disk.encryption.type && disk.encryption.type.toLowerCase() === 'encryptionatrestwithplatformandcustomerkeys'){ | ||
| helpers.addResult(results, 0, 'VM disk is encrypted using both platform and customer managed keys', location, disk.id); | ||
| } else { | ||
| let message = 'VM disk is not double encrypted'; |
There was a problem hiding this comment.
Suggested change
| let message = 'VM disk is not double encrypted'; | |
| let message = 'VM disk does not have double encryption enabled.'; |
alphadev4
reviewed
Dec 29, 2023
| @@ -39,6 +39,7 @@ module.exports = { | |||
| var found = false; | |||
| for (var i in disks.data) { | |||
| var disk = disks.data[i]; | |||
| console.log(disk); | |||
There was a problem hiding this comment.
Suggested change
| console.log(disk); |
mehakseedat63
force-pushed
the
azure/vm_disk_double_encryption
branch
from
bf2eca1 to
cc40aa9
Compare
mehakseedat63
force-pushed
the
azure/vm_disk_double_encryption
branch
from
d3d8836 to
feb4559
Compare
alphadev4
approved these changes
Jan 30, 2024
mehakseedat63
force-pushed
the
azure/vm_disk_double_encryption
branch
from
2eac639 to
b720d0e
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.