Enable TDE with a custom key for a Redis instance

更新时间:
复制 MD 格式

This rule checks whether Transparent Data Encryption (TDE) is enabled with a custom key for a Redis instance. A compliant instance has TDE enabled with a custom key.

Scenarios

Encrypting data with a custom key helps meet regulatory requirements and improve data security.

Risk level

Default risk level: Medium.

You can change the risk level when you apply this rule.

Detection logic

  • A Redis instance is considered "compliant" if TDE is enabled with a custom key.

  • A Redis instance is considered "non-compliant" if TDE is not enabled, or if TDE is enabled with an auto-generated key. To fix this issue, see Remediation.

Rule details

Parameter

Description

Rule name

Enable TDE with a custom key for a Redis instance

Rule identifier

redis-instance-enabled-byok-tde

Tag

Redis

Auto-remediation

Not supported

Rule trigger mechanism

Periodic execution

Trigger frequency

24 hours

Supported resource types

Redis instance

Rule input parameters

None

Remediation

Enable TDE for the Redis instance with a custom key. For more information, see Enable Transparent Data Encryption (TDE).