Policy: GCP > BigQuery > Dataset > Encryption at Rest > Customer Managed Key

This template is used to generate the Google Cloud KMS symmetric key to use for dataset encryption at rest.

Resource Types

This policy targets the following resource types:

This policy is used with the following primary policy:

This policy setting is used by the following policy packs:

Schema Type	`string`
Examples [YAML]	projects/parker-aac/locations/us/keyRings/test-cis-keyring/cryptoKeys/test-cis-key

Category URI

tmod:@turbot/turbot#/control/categories/resourceEncryptionAtRest

Policy Type URI

tmod:@turbot/gcp-bigquery#/policy/types/datasetEncryptionAtRestCustomerManagedKey

GraphQL

query policyType(id: "tmod:@turbot/gcp-bigquery#/policy/types/datasetEncryptionAtRestCustomerManagedKey") { … }

query policySettings(filter: "policyTypeId:'tmod:@turbot/gcp-bigquery#/policy/types/datasetEncryptionAtRestCustomerManagedKey'") { … }

query policyValues(filter: "policyTypeId:'tmod:@turbot/gcp-bigquery#/policy/types/datasetEncryptionAtRestCustomerManagedKey'") { … }

CLI

Get Policy Type

turbot graphql policy-type --id "tmod:@turbot/gcp-bigquery#/policy/types/datasetEncryptionAtRestCustomerManagedKey"

Get Policy Settings

turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/gcp-bigquery#/policy/types/datasetEncryptionAtRestCustomerManagedKey"