Ensure OpenStack instance does not use basic credentials

Error: OpenStack instance uses basic credentials

Bridgecrew Policy ID: BC_OPENSTACK_SECRETS_2
Checkov Check ID: CKV_OPENSTACK_4
Severity: LOW

Description

When managing a compute instance in Terraform, you can override the root password with the admin_pass argument. However, the value is stored in plaintext, which exposes the root password to credential theft.

Fix - Buildtime

Terraform

  • Resource: openstack_compute_instance_v2
  • Arguments: admin_pass

resource "openstack_compute_instance_v2" "fail" {
  name            = "basic"
  image_id        = "ad091b52-742f-469e-8f3c-fd81cadf0743"
  flavor_id       = "3"
-  admin_pass      = "N0tSoS3cretP4ssw0rd"
  security_groups = ["default"]
  user_data       = "#cloud-config\nhostname: instance_1.example.com\nfqdn: instance_1.example.com"

  network {
    name = "my_network"
  }
}
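
The same condition can also be checked on a rendered plan instead of the HCL source, which catches instances declared inside modules. The Python below is an added example, not Checkov's or Bridgecrew's implementation of CKV_OPENSTACK_4; it assumes the JSON layout produced by terraform show -json, and the sample plan, the "pass" and "db" resources and the function names are constructed for illustration.

```python
import json

RESOURCE_TYPE = "openstack_compute_instance_v2"

# Constructed sample in the shape of `terraform show -json` output (not a real plan).
SAMPLE_PLAN = json.loads("""
{
  "planned_values": {
    "root_module": {
      "resources": [
        {"address": "openstack_compute_instance_v2.fail",
         "type": "openstack_compute_instance_v2",
         "values": {"name": "basic", "admin_pass": "N0tSoS3cretP4ssw0rd"}},
        {"address": "openstack_compute_instance_v2.pass",
         "type": "openstack_compute_instance_v2",
         "values": {"name": "basic", "admin_pass": null}}
      ],
      "child_modules": [
        {"address": "module.app",
         "resources": [
           {"address": "module.app.openstack_compute_instance_v2.db",
            "type": "openstack_compute_instance_v2",
            "values": {"name": "db", "admin_pass": "constructed-value"}}
         ]}
      ]
    }
  }
}
""")


def walk_resources(module):
    """Yield every resource in a module and, recursively, in its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk_resources(child)


def instances_with_admin_pass(plan):
    """Return addresses of compute instances that set admin_pass (value never echoed)."""
    root = plan.get("planned_values", {}).get("root_module", {})
    return [
        r["address"]
        for r in walk_resources(root)
        if r.get("type") == RESOURCE_TYPE and (r.get("values") or {}).get("admin_pass")
    ]


if __name__ == "__main__":
    for address in instances_with_admin_pass(SAMPLE_PLAN):
        print(f"FAILED {address}: admin_pass is set")
```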