Ensure GitHub Actions secrets are encrypted

Error: GitHub Actions Environment Secrets are not encrypted
Bridgecrew Policy ID: BC_REPO_GITHUB_TF_6
Checkov Check ID: CKV_GIT_4
Severity: HIGH

Suggest Edits

GitHub Actions Environment Secrets are not encrypted

Description

In the GitHub Terraform provider, there is an optional field to include a plaintext string of the secret. If this is checked into code, it will expose the secret.

Fix - Buildtime

Terraform

Resource: github_actions_environment_secret, github_actions_organization_secret, github_actions_secret
Attribute: vulnerability_alerts

resource "github_actions_environment_secret" "test_secret" {
...
-  plaintext_value  = "example%value"
}

Updated 7 months ago