KMS key policy contains wildcard (*) principal

Description

A wildcard principal (`*`) is a placeholder that grants access to every AWS identity, including users and accounts outside your own, which increases the risk of exposing your KMS keys to unauthorized access.

To mitigate this risk, remove wildcard principals from your KMS key policies. By explicitly naming the specific IAM users, roles or accounts that need access, you enforce tighter access control, reduce the potential attack surface and minimize the likelihood of unauthorized use of your cryptographic keys.

Fix - Buildtime

CloudFormation

  • Resource: AWS::KMS::Key
  • Argument: Properties.KeyPolicy.Statement.Principal
Type: AWS::KMS::Key
    Properties:
        ...
        KeyPolicy:
            Statement:
                - ...
                  Principal:
-                   "*"
-                   AWS: "*"
+                   AWS: !Sub 'arn:aws:iam::${AWS::AccountId}:root'
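The following check implements the rule described above as a stand-alone policy linter; it is an added example, not Checkov's own implementation. It flags Allow statements whose Principal is `"*"` or contains `"*"` under any principal type (including inside a list), while leaving Deny statements alone, since a wildcard principal in a Deny is the usual way to express "nobody". The account ID `123456789012` and the policies are constructed sample input.

```python
import json

WILDCARD = "*"

def _principal_values(principal):
    """Flatten a policy Principal into the list of identity strings it names."""
    if isinstance(principal, str):          # "Principal": "*"
        return [principal]
    values = []
    for entry in principal.values():        # {"AWS": [...]}, {"Service": "..."}, ...
        values.extend([entry] if isinstance(entry, str) else entry)
    return values

def find_wildcard_principals(policy_document):
    """Return the Sid (or positional label) of each Allow statement with a wildcard principal."""
    statements = policy_document.get("Statement", [])
    if isinstance(statements, dict):        # a single statement may be written as an object
        statements = [statements]
    findings = []
    for idx, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow" or "Principal" not in stmt:
            continue
        if WILDCARD in _principal_values(stmt["Principal"]):
            findings.append(stmt.get("Sid", f"statement[{idx}]"))
    return findings

def key_policy_is_compliant(policy_json):
    """Convenience wrapper taking the KeyPolicy as a JSON string."""
    return not find_wildcard_principals(json.loads(policy_json))

# Constructed sample: two offending Allow statements, one acceptable Deny.
NONCOMPLIANT_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AllowAnyone", "Effect": "Allow", "Principal": "*",
     "Action": "kms:*", "Resource": "*"},
    {"Effect": "Allow", "Principal": {"AWS": ["arn:aws:iam::123456789012:root", "*"]},
     "Action": ["kms:Encrypt", "kms:Decrypt"], "Resource": "*"},
    {"Effect": "Deny", "Principal": "*", "Action": "kms:ScheduleKeyDeletion", "Resource": "*"},
]}

# Constructed sample: the fixed form, scoped to the account root and one service principal.
COMPLIANT_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "EnableRootPermissions", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:root"}, "Action": "kms:*", "Resource": "*"},
    {"Sid": "AllowLogsService", "Effect": "Allow",
     "Principal": {"Service": "logs.us-east-1.amazonaws.com"},
     "Action": ["kms:Encrypt", "kms:GenerateDataKey"], "Resource": "*"},
]}

if __name__ == "__main__":
    print(find_wildcard_principals(NONCOMPLIANT_POLICY))   # ['AllowAnyone', 'statement[1]']
    print(find_wildcard_principals(COMPLIANT_POLICY))      # []
```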