Ensure Automation account variables are encrypted
Error: Azure Automation account variables are not encrypted
Bridgecrew Policy ID: BC_AZR_GENERAL_25
Checkov Check ID: CKV_AZURE_73
Severity: LOW
Azure Automation account variables are not encrypted
Description
If you have Automation Account Variables storing sensitive data that are not already encrypted, then you will need to delete them and recreate them as encrypted variables.
Fix - Runtime
In Azure CLI
Set-AzAutomationVariable -AutomationAccountName '{AutomationAccountName}' -Encrypted $true -Name '{VariableName}' -ResourceGroupName '{ResourceGroupName}' -Value '{Value}'
Fix - Buildtime
Terraform
- Resource: azurerm_automation_variable_int
- Argument: encrypted
resource "azurerm_automation_variable_int" "example" {
...
+ encrypted = true
}
Updated 12 months ago