From 1900a66e0fb2ef1f17df455ebbf32de91b3aab86 Mon Sep 17 00:00:00 2001
From: Miguel Pais
Date: Wed, 30 Oct 2024 08:47:07 +0100
Subject: [PATCH] making sure agentless scanning kms key uses rotation (#22)
---
 modules/agentless-scanning/main.tf | 1 +
 modules/agentless-scanning/organizational.tf | 1 +
 2 files changed, 2 insertions(+)
diff --git a/modules/agentless-scanning/main.tf b/modules/agentless-scanning/main.tf
index 010767d..a649354 100644
--- a/modules/agentless-scanning/main.tf
+++ b/modules/agentless-scanning/main.tf
@@ -417,6 +417,7 @@ Resources:
 Description: "Sysdig Agentless Scanning encryption key"
 PendingWindowInDays: ${var.kms_key_deletion_window}
 KeyUsage: "ENCRYPT_DECRYPT"
+ EnableKeyRotation: true # Enables automatic yearly rotation
 KeyPolicy:
 Id: ${local.scanning_resource_name}
 Statement:
diff --git a/modules/agentless-scanning/organizational.tf b/modules/agentless-scanning/organizational.tf
index b4a378a..d722cb4 100644
--- a/modules/agentless-scanning/organizational.tf
+++ b/modules/agentless-scanning/organizational.tf
@@ -181,6 +181,7 @@ Resources:
 Description: "Sysdig Agentless Scanning encryption key"
 PendingWindowInDays: ${var.kms_key_deletion_window}
 KeyUsage: "ENCRYPT_DECRYPT"
+ EnableKeyRotation: true # Enables automatic yearly rotation
 KeyPolicy:
 Id: ${local.scanning_resource_name}
 Statement:
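Review bot: The inline comment on `EnableKeyRotation: true` in the main.tf hunk promises yearly rotation, but that interval holds only while the key keeps the KMS default period, and nothing visible in the hunk pins it. I would either say so in the comment, `# rotates key material automatically; 365-day default applies because RotationPeriodInDays is unset`, or add `RotationPeriodInDays: 365` next to it so the template enforces the stated interval. The comment should also note that rotation replaces only the backing key material: the key ID and `KeyPolicy` stay the same and existing ciphertext is not re-encrypted, so it does not stand in for revoking access after a suspected key-policy or credential compromise. The identical line is added in the organizational.tf hunk and the same applies there. The `Resources:` block starts and ends outside both hunks, so the key's KeySpec (automatic rotation needs a symmetric encryption key) cannot be confirmed from here.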