Control types for @turbot/gcp-secretmanager
- GCP > Secret Manager > API Enabled
- GCP > Secret Manager > CMDB
- GCP > Secret Manager > Discovery
- GCP > Secret Manager > Secret > Active
- GCP > Secret Manager > Secret > Approved
- GCP > Secret Manager > Secret > CMDB
- GCP > Secret Manager > Secret > Discovery
- GCP > Secret Manager > Secret > Labels
- GCP > Secret Manager > Secret > Policy
- GCP > Secret Manager > Secret > Policy > Trusted Access
GCP > Secret Manager > API Enabled
Check whether GCP Secret Manager API is enabled.
API Enabled refers specifically to the API state of a service in a cloud project. This control determines whether the API state is set as per desired level.
The GCP > Secret Manager > API Enabled control compares
the API state against the API Enabled policies,
raises an alarm, and takes the defined enforcement action.
tmod:@turbot/gcp-secretmanager#/control/types/secretManagerApiEnabledGCP > Secret Manager > CMDB
Record and synchronize details for the GCP Secret Manager into the CMDB.
The CMDB control is responsible for populating and updating all the attributes for that resource type in the Turbot CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added to the CMDB, and no controls that target it will run.
tmod:@turbot/gcp-secretmanager#/control/types/secretManagerCmdbGCP > Secret Manager > Discovery
Discover GCP Secret Manager resources and add them to the CMDB.
The Discovery control is tasked with identifying instances for a particular resource. The Discovery control will periodically search for new target resources and save them to the Turbot CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
tmod:@turbot/gcp-secretmanager#/control/types/secretManagerDiscoveryGCP > Secret Manager > Secret > Active
Take an action when an GCP Secret Manager secret is not active based on the
GCP > Secret Manager > Secret > Active > * policies.
The Active control determines whether the resource is in active use, and if not, has the ability to delete / cleanup the resource. When running an automated compliance environment, it's common to end up with a wide range of alarms that are difficult and time consuming to clear. The Active control brings automated, well-defined control to this process.
The Active control checks the status of all defined Active policies for the
resource (GCP > Secret Manager > Secret > Active > *),
raises an alarm, and takes the defined enforcement action. Each Active
sub-policy can calculate a status of active, inactive or skipped. Generally,
if the resource appears to be Active for any reason it will be considered Active.
Note the contrast with Approved, where if the resource appears to be Unapproved for any reason it will be considered Unapproved.
See Active for more information.
tmod:@turbot/gcp-secretmanager#/control/types/secretActiveGCP > Secret Manager > Secret > Approved
Take an action when a GCP Secret Manager secret is not approved based on GCP > Secret Manager > Secret > Approved > * policies.
The Approved control checks the status of the defined Approved sub-policies for the resource. If the resource is not approved according to any of these policies, this control raises an alarm and takes the defined enforcement action.
For any enforcement actions that specify if new, e.g., Enforce: Delete unapproved if new, this control will only take the enforcement actions for resources created within the last 60 minutes.
See Approved for more information.
tmod:@turbot/gcp-secretmanager#/control/types/secretApprovedGCP > Secret Manager > Secret > CMDB
Record and synchronize details for the GCP Secret Manager secret into the CMDB.
The CMDB control is responsible for populating and updating all the attributes for that resource type in the Turbot CMDB.
Note: If CMDB is set to Skip for a resource, then it will not be added to the CMDB, and no controls that target it will run.
tmod:@turbot/gcp-secretmanager#/control/types/secretCmdbGCP > Secret Manager > Secret > Discovery
Discover GCP Secret Manager secret resources and add them to the CMDB.
The Discovery control is tasked with identifying instances for a particular resource. The Discovery control will periodically search for new target resources and save them to the Turbot CMDB. Once discovered, resources are then responsible for tracking changes to themselves through the CMDB control.
tmod:@turbot/gcp-secretmanager#/control/types/secretDiscoveryGCP > Secret Manager > Secret > Labels
Take an action when an GCP Secret Manager secret labels is not updated based on the GCP > Secret Manager > Secret > Labels > * policies.
If the resource is not updated with the labels defined in GCP > Secret Manager > Secret > Labels > Template, this control raises an alarm and takes the defined enforcement action.
See Labels for more information.
tmod:@turbot/gcp-secretmanager#/control/types/secretLabelsGCP > Secret Manager > Secret > Policy
tmod:@turbot/gcp-secretmanager#/control/types/secretPolicyGCP > Secret Manager > Secret > Policy > Trusted Access
Take an action when GCP Secret Manager Secret policy is not trusted based on the
GCP > Secret Manager > Secret > Policy > Trusted Access > * policies.
The Trusted Access control evaluates the IAM policy against the list of allowed members in each of the Trusted Access sub-policies (Trusted Access > Domains, Trusted Access > Groups, etc)., this control raises an alarm and takes the defined enforcement action.
If set to "Enforce: Trusted Access > *", access to non-trusted members will be removed.
tmod:@turbot/gcp-secretmanager#/control/types/secretPolicyTrustedAccess