Control: GCP > Project > Organization Policy > Restrict default Google-managed encryption on Cloud SQL instances [Deprecated]

Manage the GCP Organization Policy "Restrict default Google-managed encryption on Cloud SQL instances" for the project. This boolean constraint, when set to True, requires all newly created, restarted, or updated Cloud SQL instances to use customer-managed encryption keys (CMEK). It is not retroactive (meaning existing instances with Google-managed encryption are not impacted unless they are updated or refreshed).

By default, this constraint is set to False and Google-managed encryption is allowed for Cloud SQL instances. Note: This control has been deprecated in v5.1.0 and will be removed in the next major version.

Resource Types

This control targets the following resource types:

GCP > Project

Primary Policies

The following policies can be used to configure this control:

Restrict default Google-managed encryption on Cloud SQL instances [Deprecated]

In Your Workspace

Developers

Control Type URI

tmod:@turbot/gcp-orgpolicy#/control/types/sqlDisableDefaultEncryptionCreation

Category URI

tmod:@turbot/turbot#/control/categories/policy

GraphQL

query controlType(id: "tmod:@turbot/gcp-orgpolicy#/control/types/sqlDisableDefaultEncryptionCreation") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/gcp-orgpolicy#/control/types/sqlDisableDefaultEncryptionCreation'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/gcp-orgpolicy#/control/types/sqlDisableDefaultEncryptionCreation"