Ensure GitHub Actions secrets are encrypted
Error: GitHub Actions Environment Secrets are not encrypted
Bridgecrew Policy ID: BC_REPO_GITHUB_TF_6
Checkov Check ID: CKV_GIT_4
Severity: HIGH
Description
In the GitHub Terraform provider, there is an optional field to include a plaintext string of the secret. If this is checked into code, it will expose the secret.
Fix - Buildtime
Terraform
- Resource: github_actions_environment_secret, github_actions_organization_secret, github_actions_secret
- Attribute: plaintext_value
resource "github_actions_environment_secret" "test_secret" {
...
- plaintext_value = "example%value"
}
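The same fix written out for all three resource types, as an added example that is not part of the original policy page: the flagged form beside resources that take an already-encrypted value from a sensitive variable through the provider's encrypted_value attribute. Resource labels, variable names, and the repository, environment and secret names are assumptions made up for illustration.

```hcl
# Added example. All names and values below are constructed.

# Before (flagged by CKV_GIT_4): the secret is a literal in checked-in code.
resource "github_actions_environment_secret" "before" {
  repository      = "example-repo"
  environment     = "production"
  secret_name     = "DEPLOY_TOKEN"
  plaintext_value = "example%value"
}

# After: the value is supplied at run time (for example through the
# TF_VAR_deploy_token_encrypted environment variable) and is already
# encrypted with the GitHub public key and Base64-encoded.
variable "deploy_token_encrypted" {
  type      = string
  sensitive = true # keeps the value out of plan and apply output
}

# Replaces the "before" resource; do not apply both for the same secret.
resource "github_actions_environment_secret" "after" {
  repository      = "example-repo"
  environment     = "production"
  secret_name     = "DEPLOY_TOKEN"
  encrypted_value = var.deploy_token_encrypted
}

# The other two resource types covered by the check take the same attribute.
resource "github_actions_secret" "repo_level" {
  repository      = "example-repo"
  secret_name     = "DEPLOY_TOKEN"
  encrypted_value = var.deploy_token_encrypted
}

resource "github_actions_organization_secret" "org_level" {
  secret_name     = "DEPLOY_TOKEN"
  visibility      = "private"
  encrypted_value = var.deploy_token_encrypted
}
```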