How to resolve Sprinto check to set the rotation period to be less than 90 days for GCP KMS encryption keys

About:

Sprinto check: GCP KMS Encryption Keys Are Rotated Within a Period of 90 Days

The above-mentioned Sprinto check in Sprinto verifies that all Cloud KMS (Key Management Service) encryption keys on the Google Cloud Platform (GCP) are rotated within a period of 90 days or fewer.

Purpose:

The purpose of this check is to enforce regular rotation of Cloud KMS encryption keys. Encryption keys are used to protect sensitive data, and rotating them regularly helps mitigate the risk of key compromise or misuse, as it reduces the potential window of exposure for any compromised keys.

How to fix this check:

Follow the below steps to resolve the check:

Before you begin:

• Ensure you have administrator privileges on the GCP account where you want to make configuration changes.

Updating via GCP Console

1. Log in to the GCP Console using your credentials.

2. Go to the Key Management service and select the Key Rings tab.

3. Select the key ring from the list.

4. Click on the Action option, and select Edit rotation period for the key you wish to modify the rotation period.

5. Ensure the Rotation period is set to less than 90 days, and then choose the Starting on date. Click Save to apply the changes.

6. Ensure all keys from every key ring list have a rotation period of less than 90 days.

Sprinto will detect the configuration change and set the check status to "Passing."

Contact Sprinto support if you have any queries related to the check or need assistance.