From 7e8de8adb85bb1ccce59f8a6674546dfeb84d6ad Mon Sep 17 00:00:00 2001
From: Michael Dop
Date: Thu, 4 Feb 2021 10:07:27 -0500
Subject: [PATCH] check28 only look at symmetric keys

AWS doesn't support the automatic rotation of asymmetric keys
---
 checks/check28 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/checks/check28 b/checks/check28
index d15e9fec..a7af6afd 100644
--- a/checks/check28
+++ b/checks/check28
@@ -25,7 +25,7 @@ check28(){
 if [[ $CHECK_KMS_KEYLIST ]];then
 CHECK_KMS_KEYLIST_NO_DEFAULT=$(
 for key in $CHECK_KMS_KEYLIST; do
- $AWSCLI kms describe-key --key-id $key $PROFILE_OPT --region $regx --query 'KeyMetadata.{key:KeyId,state:KeyState,man:KeyManager}' --output text|grep Enabled$|grep -v AWS| awk '{ print $1 }'
+ $AWSCLI kms describe-key --key-id $key $PROFILE_OPT --region $regx --query 'KeyMetadata.{key:KeyId,state:KeyState,man:KeyManager,spec:CustomerMasterKeySpec}' --output text|grep Enabled$|grep -v AWS|grep SYMMETRIC| awk '{ print $1 }'
 done
 )
 if [[ $CHECK_KMS_KEYLIST_NO_DEFAULT ]]; then
 for key in $CHECK_KMS_KEYLIST_NO_DEFAULT; do
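Review bot: The added `grep SYMMETRIC` on the new describe-key line is a whole-line substring match, so it depends on no other column of the text output (key id, KeyManager, KeyState) ever containing that text, just as the existing `grep -v AWS` does; matching the field exactly, e.g. `grep -w SYMMETRIC_DEFAULT`, states the intent and is less fragile. Because `--output text` renders the `--query` map as columns, a short comment above the loop giving the expected column layout, why the state is matched with `Enabled$`, and that asymmetric keys are skipped because AWS cannot auto-rotate them (currently only in the commit message) would keep the next edit from breaking the `awk '{ print $1 }'` extraction. Keys removed by this filter simply disappear from the check rather than being reported, which is worth stating in the check's description so a reader does not assume every customer key was evaluated. The check28 function begins before and continues after this hunk.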