content-type-for-secret
Default Severity: low
Explanation
Content Type is an optional Key Vault Secret behavior and is not enabled by default.
Clients may specify the content type of a secret to assist in interpreting the secret data when it's retrieved. The maximum length of this field is 255 characters. There are no pre-defined values. The suggested usage is as a hint for interpreting the secret data.
Possible Impact
The secret's type is unclear without a content type
Suggested Resolution
Provide content type for secrets to aid interpretation on retrieval
Insecure Example
The following example will fail the azure-keyvault-content-type-for-secret check.
resource "azurerm_key_vault_secret" "bad_example" {
name = "secret-sauce"
value = "szechuan"
key_vault_id = azurerm_key_vault.example.id
}
Secure Example
The following example will pass the azure-keyvault-content-type-for-secret check.
resource "azurerm_key_vault_secret" "good_example" {
name = "secret-sauce"
value = "szechuan"
key_vault_id = azurerm_key_vault.example.id
content_type = "password"
}