Skip to content

sensitive-in-attribute-value

Explanation

Sensitive data stored in attributes can result in compromised data. Sensitive data should be passed in through secret variables

Possible Impact

Sensitive credentials may be compromised

Suggested Resolution

Check the code for vulnerabilities and move to variables

Insecure Example

The following example will fail the general-secrets-sensitive-in-attribute-value check.

resource "aws_instance" "bad_example" {
    instance_type = "t2.small"

    user_data = <<EOF
        Password = "something secret"
EOF

}

Secure Example

The following example will pass the general-secrets-sensitive-in-attribute-value check.

variable "password" {
    type = string
}

resource "aws_instance" "good_instance" {
    instance_type = "t2.small"

    user_data = <<EOF
        export EDITOR=vimacs
EOF

}