Policy: GCP > Project > Organization Policy > Restrict default Google-managed encryption on Cloud SQL instances [Deprecated]
Manage the GCP Organization Policy "Restrict default Google-managed encryption on Cloud SQL instances" for the project. This boolean constraint, when set to True, requires all newly created, restarted, or updated Cloud SQL instances to use customer-managed encryption keys (CMEK). It is not retroactive (meaning existing instances with Google-managed encryption are not impacted unless they are updated or refreshed).
By default, this constraint is set to False and Google-managed encryption is allowed for Cloud SQL instances. Note: This policy has been deprecated in v5.1.0 and will be removed in the next major version.
Resource Types
This policy targets the following resource types:
Primary Policy
This policy is used with the following primary policy:
Controls
- GCP > Project > Organization Policy
- GCP > Project > Organization Policy > Restrict default Google-managed encryption on Cloud SQL instances [Deprecated]
Policy Specification
Schema Type | |
|---|---|
Default | |
Valid Values [YAML] |
|
Examples [YAML] |
|
Category
In Your Workspace
Developers
- tmod:@turbot/turbot#/control/categories/policy
- tmod:@turbot/gcp-orgpolicy#/policy/types/sqlDisableDefaultEncryptionCreation
- turbot graphql policy-type --id "tmod:@turbot/gcp-orgpolicy#/policy/types/sqlDisableDefaultEncryptionCreation"
- turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/gcp-orgpolicy#/policy/types/sqlDisableDefaultEncryptionCreation"
Get Policy TypeGet Policy Settings
Category URI
Policy Type URI
GraphQL
CLI